From 434fddbe71b47f61d33462fc777feaabf7054dec Mon Sep 17 00:00:00 2001 From: Philip Cox Date: Fri, 10 May 2024 10:32:13 -0400 Subject: [PATCH] Import Debian changes 5.4.0-1126.136 linux-aws (5.4.0-1126.136) focal; urgency=medium * focal/linux-aws: 5.4.0-1126.136 -proposed tracker (LP: #2063766) [ Ubuntu: 5.4.0-186.206 ] * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812) * Mount CIFS fails with Permission denied (LP: #2061986) - cifs: fix ntlmssp auth when there is no key exchange * USB stick can't be detected (LP: #2040948) - usb: Disable USB3 LPM at shutdown * CVE-2024-26733 - net: dev: Convert sa_data to flexible array in struct sockaddr - arp: Prevent overflow in arp_req_get(). - stddef: Introduce DECLARE_FLEX_ARRAY() helper * CVE-2024-26712 - powerpc/kasan: Fix addr error caused by page alignment * CVE-2023-52530 - wifi: mac80211: fix potential key use-after-free * CVE-2021-47063 - drm: bridge/panel: Cleanup connector on bridge detach * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array- index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux- hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times, especially during boot. (LP: #2058477) - hv: hyperv.h: Replace one-element array with flexible-array member * CVE-2024-26614 - tcp: make sure init the accept_queue's spinlocks once - ipv6: init the accept_queue's spinlocks in inet6_create * Focal update: v5.4.271 upstream stable release (LP: #2060216) - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter - net: ip_tunnel: prevent perpetual headroom growth - tun: Fix xdp_rxq_info's queue_index when detaching - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected - net: usb: dm9601: fix wrong return value in dm9601_mdio_read - Bluetooth: Avoid potential use-after-free in hci_error_reset - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST - Bluetooth: Enforce validation on max value of connection interval - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back - efi/capsule-loader: fix incorrect allocation size - power: supply: bq27xxx-i2c: Do not free non existing IRQ - ALSA: Drop leftover snd-rtctimer stuff from Makefile - afs: Fix endless loop in directory parsing - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() - wifi: nl80211: reject iftype change with mesh ID change - btrfs: dev-replace: properly validate device names - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read - dmaengine: fsl-qdma: init irq after reg initialization - mmc: core: Fix eMMC initialization with 1-bit bus connection - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers - cachefiles: fix memory leak in cachefiles_add_cache() - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super - gpio: 74x164: Enable output pins after registers are reset - Linux 5.4.271 * Focal update: v5.4.270 upstream stable release (LP: #2060019) - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler - net/sched: Retire CBQ qdisc - [Config] updateconfigs for NET_SCH_CBQ - net/sched: Retire ATM qdisc - [Config] updateconfigs for NET_SCH_ATM - net/sched: Retire dsmark qdisc - [Config] updateconfigs for NET_SCH_DSMARK - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() - nilfs2: replace WARN_ONs for invalid DAT metadata block requests - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb - sched/rt: Fix sysctl_sched_rr_timeslice intial value - sched/rt: Disallow writing invalid values to sched_rt_period_us - scsi: target: core: Add TMF to tmr_list handling - dmaengine: shdma: increase size of 'dev_id' - dmaengine: fsl-qdma: increase size of 'irq_name' - wifi: cfg80211: fix missing interfaces when dumping - wifi: mac80211: fix race condition on enabling fast-xmit - fbdev: savage: Error out if pixclock equals zero - fbdev: sis: Error out if pixclock equals zero - ahci: asm1166: correct count of reported ports - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() - regulator: pwm-regulator: Add validity checks in continuous .get_voltage - nvmet-tcp: fix nvme tcp ida memory leak - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new - nvmet-fc: abort command when there is no binding - hwmon: (coretemp) Enlarge per package core count limit - scsi: lpfc: Use unsigned type for num_sge - firewire: core: send bus reset promptly on gap count error - virtio-blk: Ensure no requests in virtqueues before deleting vqs. - s390/qeth: Fix potential loss of L3-IP@ in case of network issues - pmdomain: renesas: r8a77980-sysc: CR7 must be always on - tcp: factor out __tcp_close() helper - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit - tcp: add annotations around sk->sk_shutdown accesses - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups - spi: mt7621: Fix an error message in mt7621_spi_probe() - net: bridge: clear bridge's private skb space on xmit - selftests/bpf: Avoid running unprivileged tests with alignment requirements - Revert "drm/sun4i: dsi: Change the start delay calculation" - drm/amdgpu: Check for valid number of registers to read - x86/alternatives: Disable KASAN in apply_alternatives() - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() - iomap: Set all uptodate bits for an Uptodate page - drm/amdgpu: Fix type of second parameter in trans_msg() callback - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node - PCI: tegra: Fix reporting GPIO error value - PCI: tegra: Fix OF node reference leak - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error - dm-crypt: don't modify the data when using authenticated encryption - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() - PCI/MSI: Prevent MSI hardware interrupt number truncation - l2tp: pass correct message length to ip6_append_data - ARM: ep93xx: Add terminator to gpiod_lookup_table - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() - usb: cdns3: fix memory double free when handle zero packet - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs - usb: roles: don't get/set_role() when usb_role_switch is unregistered - IB/hfi1: Fix a memleak in init_credit_return - RDMA/bnxt_re: Return error for SRQ resize - RDMA/srpt: Make debug output more detailed - RDMA/srpt: fix function pointer cast warnings - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions - bpf, scripts: Correct GPL license name - scsi: jazz_esp: Only build if SCSI core is builtin - nouveau: fix function cast warnings - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid - afs: Increase buffer size in afs_update_volume_status() - ipv6: sr: fix possible use-after-free and null-ptr-deref - packet: move from strlcpy with unused retval to strscpy - s390: use the correct count for __iowrite64_copy() - tls: rx: jump to a more appropriate label - tls: rx: drop pointless else after goto - tls: stop recv() if initial process_rx_list gave us non-DATA - netfilter: nf_tables: set dormant flag on hook register failure - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio - scripts/bpf: Fix xdp_md forward declaration typo - Linux 5.4.270 * CVE-2023-47233 - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach * CVE-2021-47070 - uio: uio_hv_generic: use devm_kzalloc() for private data alloc - uio_hv_generic: Fix another memory leak in error handling paths * CVE-2024-26622 - tomoyo: fix UAF write bug in tomoyo_write_control() --- Makefile | 2 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/powerpc/mm/kasan/kasan_init_32.c | 4 +- arch/s390/pci/pci.c | 2 +- arch/x86/kernel/alternative.c | 13 ++ arch/x86/kernel/cpu/intel.c | 178 +++++++++--------- debian.aws/changelog | 156 +++++++++++++++ debian.aws/reconstruct | 3 + debian.aws/tracking-bug | 2 +- debian.master/changelog | 156 ++++++++++++++- debian.master/config/annotations | 3 - debian.master/reconstruct | 3 + debian.master/tracking-bug | 2 +- debian.master/upstream-stable | 2 +- debian/changelog | 156 +++++++++++++++ debian/control | 60 +++--- drivers/ata/ahci.c | 34 +++- drivers/ata/ahci.h | 1 + drivers/block/virtio_blk.c | 7 +- drivers/dma/fsl-qdma.c | 23 +-- drivers/dma/sh/shdma.h | 2 +- drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 +- drivers/gpu/drm/bridge/panel.c | 11 +- drivers/gpu/drm/drm_syncobj.c | 16 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 +- drivers/hwmon/coretemp.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 18 +- drivers/md/dm-crypt.c | 6 + drivers/md/dm-integrity.c | 11 +- drivers/mmc/core/mmc.c | 2 + drivers/net/gtp.c | 14 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/nvme/target/fc.c | 8 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/pci-tegra.c | 17 +- drivers/pci/msi.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 23 ++- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-mt7621.c | 8 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/cdns3/gadget.c | 8 +- drivers/usb/core/port.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 12 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/dir.c | 4 +- fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/dev-replace.c | 24 ++- fs/cachefiles/bind.c | 3 + fs/cifs/sess.c | 54 ++++-- fs/ext4/mballoc.c | 13 +- fs/hugetlbfs/inode.c | 6 +- fs/iomap/buffered-io.c | 3 + fs/nilfs2/dat.c | 27 ++- include/linux/fs.h | 2 + include/linux/hyperv.h | 2 +- include/linux/lockdep.h | 5 + include/linux/socket.h | 5 +- include/linux/stddef.h | 13 ++ include/net/tcp.h | 1 + include/uapi/linux/stddef.h | 16 ++ kernel/sched/rt.c | 10 +- kernel/sysctl.c | 4 + mm/memcontrol.c | 6 + mm/userfaultfd.c | 14 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 9 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_device.c | 2 + net/core/dev.c | 2 +- net/core/dev_ioctl.c | 2 +- net/core/rtnetlink.c | 11 +- net/ipv4/af_inet.c | 2 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 ++- net/ipv4/ip_tunnel.c | 28 ++- net/ipv4/tcp.c | 27 ++- net/ipv4/tcp_input.c | 4 +- net/ipv6/addrconf.c | 28 ++- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 +- net/packet/af_packet.c | 12 +- net/sched/Kconfig | 42 ----- net/sched/Makefile | 3 - net/sched/sch_atm.c | 13 +- net/sched/sch_cbq.c | 9 +- net/sched/sch_dsmark.c | 9 +- net/tls/tls_sw.c | 12 +- net/wireless/nl80211.c | 3 + scripts/bpf_helpers_doc.py | 157 ++++++++++++++- scripts/kernel-doc | 3 +- sound/core/Makefile | 1 - sound/soc/sunxi/sun4i-spdif.c | 5 + tools/testing/selftests/bpf/test_verifier.c | 13 ++ virt/kvm/arm/vgic/vgic-its.c | 5 + 121 files changed, 1391 insertions(+), 434 deletions(-) diff --git a/Makefile b/Makefile index 32674fab5..169fdd9b8 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 VERSION = 5 PATCHLEVEL = 4 -SUBLEVEL = 269 +SUBLEVEL = 271 EXTRAVERSION = NAME = Kleptomaniac Octopus diff --git a/arch/arm/mach-ep93xx/core.c b/arch/arm/mach-ep93xx/core.c index 6fb19a393..c06ae33dc 100644 --- a/arch/arm/mach-ep93xx/core.c +++ b/arch/arm/mach-ep93xx/core.c @@ -337,6 +337,7 @@ static struct gpiod_lookup_table ep93xx_i2c_gpiod_table = { GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN), GPIO_LOOKUP_IDX("G", 0, NULL, 1, GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN), + { } }, }; diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi index bf40500ad..e1097ba6c 100644 --- a/arch/arm64/boot/dts/qcom/msm8916.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi @@ -1097,8 +1097,8 @@ vddmx-supply = <&pm8916_l3>; vddpx-supply = <&pm8916_l7>; - qcom,state = <&wcnss_smp2p_out 0>; - qcom,state-names = "stop"; + qcom,smem-states = <&wcnss_smp2p_out 0>; + qcom,smem-state-names = "stop"; pinctrl-names = "default"; pinctrl-0 = <&wcnss_pin_a>; diff --git a/arch/powerpc/mm/kasan/kasan_init_32.c b/arch/powerpc/mm/kasan/kasan_init_32.c index 3f78007a7..84b0bd1b8 100644 --- a/arch/powerpc/mm/kasan/kasan_init_32.c +++ b/arch/powerpc/mm/kasan/kasan_init_32.c @@ -90,8 +90,10 @@ static int __ref kasan_init_region(void *start, size_t size) if (ret) return ret; - if (!slab_is_available()) + if (!slab_is_available()) { + k_start = k_start & PAGE_MASK; block = memblock_alloc(k_end - k_start, PAGE_SIZE); + } for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { pmd_t *pmd = pmd_offset(pud_offset(pgd_offset_k(k_cur), k_cur), k_cur); diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 563c9138d..8809a506a 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -222,7 +222,7 @@ resource_size_t pcibios_align_resource(void *data, const struct resource *res, /* combine single writes by using store-block insn */ void __iowrite64_copy(void __iomem *to, const void *from, size_t count) { - zpci_memcpy_toio(to, from, count); + zpci_memcpy_toio(to, from, count * 8); } void __iomem *ioremap(unsigned long ioaddr, unsigned long size) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 15bad8d59..faae8a185 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -374,6 +374,17 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start, u8 insn_buff[MAX_PATCH_LEN]; DPRINTK("alt table %px, -> %px", start, end); + + /* + * In the case CONFIG_X86_5LEVEL=y, KASAN_SHADOW_START is defined using + * cpu_feature_enabled(X86_FEATURE_LA57) and is therefore patched here. + * During the process, KASAN becomes confused seeing partial LA57 + * conversion and triggers a false-positive out-of-bound report. + * + * Disable KASAN until the patching is complete. + */ + kasan_disable_current(); + /* * The scan order should be from start to end. A later scanned * alternative code can overwrite previously scanned alternative code. @@ -434,6 +445,8 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start, text_poke_early(instr, insn_buff, insn_buff_sz); } + + kasan_enable_current(); } #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 44688917d..0418606ec 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -187,6 +187,90 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c) return false; } +#define MSR_IA32_TME_ACTIVATE 0x982 + +/* Helpers to access TME_ACTIVATE MSR */ +#define TME_ACTIVATE_LOCKED(x) (x & 0x1) +#define TME_ACTIVATE_ENABLED(x) (x & 0x2) + +#define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ +#define TME_ACTIVATE_POLICY_AES_XTS_128 0 + +#define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ + +#define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ +#define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 + +/* Values for mktme_status (SW only construct) */ +#define MKTME_ENABLED 0 +#define MKTME_DISABLED 1 +#define MKTME_UNINITIALIZED 2 +static int mktme_status = MKTME_UNINITIALIZED; + +static void detect_tme_early(struct cpuinfo_x86 *c) +{ + u64 tme_activate, tme_policy, tme_crypto_algs; + int keyid_bits = 0, nr_keyids = 0; + static u64 tme_activate_cpu0 = 0; + + rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); + + if (mktme_status != MKTME_UNINITIALIZED) { + if (tme_activate != tme_activate_cpu0) { + /* Broken BIOS? */ + pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); + pr_err_once("x86/tme: MKTME is not usable\n"); + mktme_status = MKTME_DISABLED; + + /* Proceed. We may need to exclude bits from x86_phys_bits. */ + } + } else { + tme_activate_cpu0 = tme_activate; + } + + if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { + pr_info_once("x86/tme: not enabled by BIOS\n"); + mktme_status = MKTME_DISABLED; + return; + } + + if (mktme_status != MKTME_UNINITIALIZED) + goto detect_keyid_bits; + + pr_info("x86/tme: enabled by BIOS\n"); + + tme_policy = TME_ACTIVATE_POLICY(tme_activate); + if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) + pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); + + tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); + if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { + pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", + tme_crypto_algs); + mktme_status = MKTME_DISABLED; + } +detect_keyid_bits: + keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); + nr_keyids = (1UL << keyid_bits) - 1; + if (nr_keyids) { + pr_info_once("x86/mktme: enabled by BIOS\n"); + pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); + } else { + pr_info_once("x86/mktme: disabled by BIOS\n"); + } + + if (mktme_status == MKTME_UNINITIALIZED) { + /* MKTME is usable */ + mktme_status = MKTME_ENABLED; + } + + /* + * KeyID bits effectively lower the number of physical address + * bits. Update cpuinfo_x86::x86_phys_bits accordingly. + */ + c->x86_phys_bits -= keyid_bits; +} + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -339,6 +423,13 @@ static void early_init_intel(struct cpuinfo_x86 *c) */ if (detect_extended_topology_early(c) < 0) detect_ht_early(c); + + /* + * Adjust the number of physical bits early because it affects the + * valid bits of the MTRR mask registers. + */ + if (cpu_has(c, X86_FEATURE_TME)) + detect_tme_early(c); } #ifdef CONFIG_X86_32 @@ -540,90 +631,6 @@ static void detect_vmx_virtcap(struct cpuinfo_x86 *c) } } -#define MSR_IA32_TME_ACTIVATE 0x982 - -/* Helpers to access TME_ACTIVATE MSR */ -#define TME_ACTIVATE_LOCKED(x) (x & 0x1) -#define TME_ACTIVATE_ENABLED(x) (x & 0x2) - -#define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ -#define TME_ACTIVATE_POLICY_AES_XTS_128 0 - -#define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ - -#define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ -#define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 - -/* Values for mktme_status (SW only construct) */ -#define MKTME_ENABLED 0 -#define MKTME_DISABLED 1 -#define MKTME_UNINITIALIZED 2 -static int mktme_status = MKTME_UNINITIALIZED; - -static void detect_tme(struct cpuinfo_x86 *c) -{ - u64 tme_activate, tme_policy, tme_crypto_algs; - int keyid_bits = 0, nr_keyids = 0; - static u64 tme_activate_cpu0 = 0; - - rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); - - if (mktme_status != MKTME_UNINITIALIZED) { - if (tme_activate != tme_activate_cpu0) { - /* Broken BIOS? */ - pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); - pr_err_once("x86/tme: MKTME is not usable\n"); - mktme_status = MKTME_DISABLED; - - /* Proceed. We may need to exclude bits from x86_phys_bits. */ - } - } else { - tme_activate_cpu0 = tme_activate; - } - - if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { - pr_info_once("x86/tme: not enabled by BIOS\n"); - mktme_status = MKTME_DISABLED; - return; - } - - if (mktme_status != MKTME_UNINITIALIZED) - goto detect_keyid_bits; - - pr_info("x86/tme: enabled by BIOS\n"); - - tme_policy = TME_ACTIVATE_POLICY(tme_activate); - if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) - pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); - - tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); - if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { - pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", - tme_crypto_algs); - mktme_status = MKTME_DISABLED; - } -detect_keyid_bits: - keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); - nr_keyids = (1UL << keyid_bits) - 1; - if (nr_keyids) { - pr_info_once("x86/mktme: enabled by BIOS\n"); - pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); - } else { - pr_info_once("x86/mktme: disabled by BIOS\n"); - } - - if (mktme_status == MKTME_UNINITIALIZED) { - /* MKTME is usable */ - mktme_status = MKTME_ENABLED; - } - - /* - * KeyID bits effectively lower the number of physical address - * bits. Update cpuinfo_x86::x86_phys_bits accordingly. - */ - c->x86_phys_bits -= keyid_bits; -} - static void init_cpuid_fault(struct cpuinfo_x86 *c) { u64 msr; @@ -758,9 +765,6 @@ static void init_intel(struct cpuinfo_x86 *c) if (cpu_has(c, X86_FEATURE_VMX)) detect_vmx_virtcap(c); - if (cpu_has(c, X86_FEATURE_TME)) - detect_tme(c); - init_intel_misc_features(c); if (tsx_ctrl_state == TSX_CTRL_ENABLE) diff --git a/debian.aws/changelog b/debian.aws/changelog index 202365838..2c5f8af22 100644 --- a/debian.aws/changelog +++ b/debian.aws/changelog @@ -1,3 +1,159 @@ +linux-aws (5.4.0-1126.136) focal; urgency=medium + + * focal/linux-aws: 5.4.0-1126.136 -proposed tracker (LP: #2063766) + + [ Ubuntu: 5.4.0-186.206 ] + + * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812) + * Mount CIFS fails with Permission denied (LP: #2061986) + - cifs: fix ntlmssp auth when there is no key exchange + * USB stick can't be detected (LP: #2040948) + - usb: Disable USB3 LPM at shutdown + * CVE-2024-26733 + - net: dev: Convert sa_data to flexible array in struct sockaddr + - arp: Prevent overflow in arp_req_get(). + - stddef: Introduce DECLARE_FLEX_ARRAY() helper + * CVE-2024-26712 + - powerpc/kasan: Fix addr error caused by page alignment + * CVE-2023-52530 + - wifi: mac80211: fix potential key use-after-free + * CVE-2021-47063 + - drm: bridge/panel: Cleanup connector on bridge detach + * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array- + index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux- + hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times, + especially during boot. (LP: #2058477) + - hv: hyperv.h: Replace one-element array with flexible-array member + * CVE-2024-26614 + - tcp: make sure init the accept_queue's spinlocks once + - ipv6: init the accept_queue's spinlocks in inet6_create + * Focal update: v5.4.271 upstream stable release (LP: #2060216) + - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter + - net: ip_tunnel: prevent perpetual headroom growth + - tun: Fix xdp_rxq_info's queue_index when detaching + - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() + - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is + detected + - net: usb: dm9601: fix wrong return value in dm9601_mdio_read + - Bluetooth: Avoid potential use-after-free in hci_error_reset + - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST + - Bluetooth: Enforce validation on max value of connection interval + - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() + - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back + - efi/capsule-loader: fix incorrect allocation size + - power: supply: bq27xxx-i2c: Do not free non existing IRQ + - ALSA: Drop leftover snd-rtctimer stuff from Makefile + - afs: Fix endless loop in directory parsing + - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() + - wifi: nl80211: reject iftype change with mesh ID change + - btrfs: dev-replace: properly validate device names + - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read + - dmaengine: fsl-qdma: init irq after reg initialization + - mmc: core: Fix eMMC initialization with 1-bit bus connection + - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers + - cachefiles: fix memory leak in cachefiles_add_cache() + - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super + - gpio: 74x164: Enable output pins after registers are reset + - Linux 5.4.271 + * Focal update: v5.4.270 upstream stable release (LP: #2060019) + - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() + - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler + - net/sched: Retire CBQ qdisc + - [Config] updateconfigs for NET_SCH_CBQ + - net/sched: Retire ATM qdisc + - [Config] updateconfigs for NET_SCH_ATM + - net/sched: Retire dsmark qdisc + - [Config] updateconfigs for NET_SCH_DSMARK + - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset + - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() + - nilfs2: replace WARN_ONs for invalid DAT metadata block requests + - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb + - sched/rt: Fix sysctl_sched_rr_timeslice intial value + - sched/rt: Disallow writing invalid values to sched_rt_period_us + - scsi: target: core: Add TMF to tmr_list handling + - dmaengine: shdma: increase size of 'dev_id' + - dmaengine: fsl-qdma: increase size of 'irq_name' + - wifi: cfg80211: fix missing interfaces when dumping + - wifi: mac80211: fix race condition on enabling fast-xmit + - fbdev: savage: Error out if pixclock equals zero + - fbdev: sis: Error out if pixclock equals zero + - ahci: asm1166: correct count of reported ports + - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers + - ext4: avoid allocating blocks from corrupted group in + ext4_mb_try_best_found() + - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() + - regulator: pwm-regulator: Add validity checks in continuous .get_voltage + - nvmet-tcp: fix nvme tcp ida memory leak + - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 + - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in + sctp_new + - nvmet-fc: abort command when there is no binding + - hwmon: (coretemp) Enlarge per package core count limit + - scsi: lpfc: Use unsigned type for num_sge + - firewire: core: send bus reset promptly on gap count error + - virtio-blk: Ensure no requests in virtqueues before deleting vqs. + - s390/qeth: Fix potential loss of L3-IP@ in case of network issues + - pmdomain: renesas: r8a77980-sysc: CR7 must be always on + - tcp: factor out __tcp_close() helper + - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit + - tcp: add annotations around sk->sk_shutdown accesses + - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours + - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups + - spi: mt7621: Fix an error message in mt7621_spi_probe() + - net: bridge: clear bridge's private skb space on xmit + - selftests/bpf: Avoid running unprivileged tests with alignment requirements + - Revert "drm/sun4i: dsi: Change the start delay calculation" + - drm/amdgpu: Check for valid number of registers to read + - x86/alternatives: Disable KASAN in apply_alternatives() + - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() + - iomap: Set all uptodate bits for an Uptodate page + - drm/amdgpu: Fix type of second parameter in trans_msg() callback + - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node + - PCI: tegra: Fix reporting GPIO error value + - PCI: tegra: Fix OF node reference leak + - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error + - dm-crypt: don't modify the data when using authenticated encryption + - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() + - PCI/MSI: Prevent MSI hardware interrupt number truncation + - l2tp: pass correct message length to ip6_append_data + - ARM: ep93xx: Add terminator to gpiod_lookup_table + - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() + - usb: cdns3: fix memory double free when handle zero packet + - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs + - usb: roles: don't get/set_role() when usb_role_switch is unregistered + - IB/hfi1: Fix a memleak in init_credit_return + - RDMA/bnxt_re: Return error for SRQ resize + - RDMA/srpt: Make debug output more detailed + - RDMA/srpt: fix function pointer cast warnings + - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions + - bpf, scripts: Correct GPL license name + - scsi: jazz_esp: Only build if SCSI core is builtin + - nouveau: fix function cast warnings + - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid + - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid + - afs: Increase buffer size in afs_update_volume_status() + - ipv6: sr: fix possible use-after-free and null-ptr-deref + - packet: move from strlcpy with unused retval to strscpy + - s390: use the correct count for __iowrite64_copy() + - tls: rx: jump to a more appropriate label + - tls: rx: drop pointless else after goto + - tls: stop recv() if initial process_rx_list gave us non-DATA + - netfilter: nf_tables: set dormant flag on hook register failure + - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 + - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set + - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio + - scripts/bpf: Fix xdp_md forward declaration typo + - Linux 5.4.270 + * CVE-2023-47233 + - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach + * CVE-2021-47070 + - uio: uio_hv_generic: use devm_kzalloc() for private data alloc + - uio_hv_generic: Fix another memory leak in error handling paths + * CVE-2024-26622 + - tomoyo: fix UAF write bug in tomoyo_write_control() + + -- Philip Cox Fri, 10 May 2024 10:32:13 -0400 + linux-aws (5.4.0-1125.135) focal; urgency=medium * focal/linux-aws: 5.4.0-1125.135 -proposed tracker (LP: #2063639) diff --git a/debian.aws/reconstruct b/debian.aws/reconstruct index cb928bf09..4e233bbf7 100644 --- a/debian.aws/reconstruct +++ b/debian.aws/reconstruct @@ -114,6 +114,9 @@ rm -f 'net/sched/cls_rsvp.c' rm -f 'net/sched/cls_rsvp.h' rm -f 'net/sched/cls_rsvp6.c' rm -f 'net/sched/cls_tcindex.c' +rm -f 'net/sched/sch_atm.c' +rm -f 'net/sched/sch_cbq.c' +rm -f 'net/sched/sch_dsmark.c' rm -f 'net/xfrm/xfrm_interface.c' rm -f 'tools/build/feature/test-libpython-version.c' rm -f 'tools/testing/selftests/net/fib_tests.sh' diff --git a/debian.aws/tracking-bug b/debian.aws/tracking-bug index 96cb348a1..9b6e30c77 100644 --- a/debian.aws/tracking-bug +++ b/debian.aws/tracking-bug @@ -1 +1 @@ -2063639 s2024.04.01-1 +2063766 2024.04.29-1 diff --git a/debian.master/changelog b/debian.master/changelog index 579afd582..c247c77ba 100644 --- a/debian.master/changelog +++ b/debian.master/changelog @@ -1,21 +1,167 @@ -linux (5.4.0-182.202) focal; urgency=medium +linux (5.4.0-186.206) focal; urgency=medium - * focal/linux: 5.4.0-182.202 -proposed tracker (LP: #2063685) + * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812) + + * Mount CIFS fails with Permission denied (LP: #2061986) + - cifs: fix ntlmssp auth when there is no key exchange + + * USB stick can't be detected (LP: #2040948) + - usb: Disable USB3 LPM at shutdown + + * CVE-2024-26733 + - net: dev: Convert sa_data to flexible array in struct sockaddr + - arp: Prevent overflow in arp_req_get(). + - stddef: Introduce DECLARE_FLEX_ARRAY() helper + + * CVE-2024-26712 + - powerpc/kasan: Fix addr error caused by page alignment * CVE-2023-52530 - wifi: mac80211: fix potential key use-after-free - * CVE-2024-26622 - - tomoyo: fix UAF write bug in tomoyo_write_control() + * CVE-2021-47063 + - drm: bridge/panel: Cleanup connector on bridge detach + + * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array- + index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux- + hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times, + especially during boot. (LP: #2058477) + - hv: hyperv.h: Replace one-element array with flexible-array member * CVE-2024-26614 - tcp: make sure init the accept_queue's spinlocks once - ipv6: init the accept_queue's spinlocks in inet6_create + * Focal update: v5.4.271 upstream stable release (LP: #2060216) + - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter + - net: ip_tunnel: prevent perpetual headroom growth + - tun: Fix xdp_rxq_info's queue_index when detaching + - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() + - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is + detected + - net: usb: dm9601: fix wrong return value in dm9601_mdio_read + - Bluetooth: Avoid potential use-after-free in hci_error_reset + - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST + - Bluetooth: Enforce validation on max value of connection interval + - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() + - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back + - efi/capsule-loader: fix incorrect allocation size + - power: supply: bq27xxx-i2c: Do not free non existing IRQ + - ALSA: Drop leftover snd-rtctimer stuff from Makefile + - afs: Fix endless loop in directory parsing + - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() + - wifi: nl80211: reject iftype change with mesh ID change + - btrfs: dev-replace: properly validate device names + - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read + - dmaengine: fsl-qdma: init irq after reg initialization + - mmc: core: Fix eMMC initialization with 1-bit bus connection + - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers + - cachefiles: fix memory leak in cachefiles_add_cache() + - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super + - gpio: 74x164: Enable output pins after registers are reset + - Linux 5.4.271 + + * Focal update: v5.4.270 upstream stable release (LP: #2060019) + - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() + - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler + - net/sched: Retire CBQ qdisc + - [Config] updateconfigs for NET_SCH_CBQ + - net/sched: Retire ATM qdisc + - [Config] updateconfigs for NET_SCH_ATM + - net/sched: Retire dsmark qdisc + - [Config] updateconfigs for NET_SCH_DSMARK + - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset + - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() + - nilfs2: replace WARN_ONs for invalid DAT metadata block requests + - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb + - sched/rt: Fix sysctl_sched_rr_timeslice intial value + - sched/rt: Disallow writing invalid values to sched_rt_period_us + - scsi: target: core: Add TMF to tmr_list handling + - dmaengine: shdma: increase size of 'dev_id' + - dmaengine: fsl-qdma: increase size of 'irq_name' + - wifi: cfg80211: fix missing interfaces when dumping + - wifi: mac80211: fix race condition on enabling fast-xmit + - fbdev: savage: Error out if pixclock equals zero + - fbdev: sis: Error out if pixclock equals zero + - ahci: asm1166: correct count of reported ports + - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers + - ext4: avoid allocating blocks from corrupted group in + ext4_mb_try_best_found() + - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() + - regulator: pwm-regulator: Add validity checks in continuous .get_voltage + - nvmet-tcp: fix nvme tcp ida memory leak + - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 + - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in + sctp_new + - nvmet-fc: abort command when there is no binding + - hwmon: (coretemp) Enlarge per package core count limit + - scsi: lpfc: Use unsigned type for num_sge + - firewire: core: send bus reset promptly on gap count error + - virtio-blk: Ensure no requests in virtqueues before deleting vqs. + - s390/qeth: Fix potential loss of L3-IP@ in case of network issues + - pmdomain: renesas: r8a77980-sysc: CR7 must be always on + - tcp: factor out __tcp_close() helper + - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit + - tcp: add annotations around sk->sk_shutdown accesses + - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours + - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups + - spi: mt7621: Fix an error message in mt7621_spi_probe() + - net: bridge: clear bridge's private skb space on xmit + - selftests/bpf: Avoid running unprivileged tests with alignment requirements + - Revert "drm/sun4i: dsi: Change the start delay calculation" + - drm/amdgpu: Check for valid number of registers to read + - x86/alternatives: Disable KASAN in apply_alternatives() + - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() + - iomap: Set all uptodate bits for an Uptodate page + - drm/amdgpu: Fix type of second parameter in trans_msg() callback + - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node + - PCI: tegra: Fix reporting GPIO error value + - PCI: tegra: Fix OF node reference leak + - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error + - dm-crypt: don't modify the data when using authenticated encryption + - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() + - PCI/MSI: Prevent MSI hardware interrupt number truncation + - l2tp: pass correct message length to ip6_append_data + - ARM: ep93xx: Add terminator to gpiod_lookup_table + - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() + - usb: cdns3: fix memory double free when handle zero packet + - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs + - usb: roles: don't get/set_role() when usb_role_switch is unregistered + - IB/hfi1: Fix a memleak in init_credit_return + - RDMA/bnxt_re: Return error for SRQ resize + - RDMA/srpt: Make debug output more detailed + - RDMA/srpt: fix function pointer cast warnings + - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions + - bpf, scripts: Correct GPL license name + - scsi: jazz_esp: Only build if SCSI core is builtin + - nouveau: fix function cast warnings + - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid + - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid + - afs: Increase buffer size in afs_update_volume_status() + - ipv6: sr: fix possible use-after-free and null-ptr-deref + - packet: move from strlcpy with unused retval to strscpy + - s390: use the correct count for __iowrite64_copy() + - tls: rx: jump to a more appropriate label + - tls: rx: drop pointless else after goto + - tls: stop recv() if initial process_rx_list gave us non-DATA + - netfilter: nf_tables: set dormant flag on hook register failure + - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 + - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set + - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio + - scripts/bpf: Fix xdp_md forward declaration typo + - Linux 5.4.270 + * CVE-2023-47233 - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach - -- Stefan Bader Fri, 26 Apr 2024 13:36:15 +0200 + * CVE-2021-47070 + - uio: uio_hv_generic: use devm_kzalloc() for private data alloc + - uio_hv_generic: Fix another memory leak in error handling paths + + * CVE-2024-26622 + - tomoyo: fix UAF write bug in tomoyo_write_control() + + -- Roxana Nicolescu Fri, 26 Apr 2024 14:01:17 +0200 linux (5.4.0-181.201) focal; urgency=medium diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 6cd556c32..06cf3f974 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -7390,15 +7390,12 @@ CONFIG_NET_REDIRECT policy<{'amd64': 'y', 'arm64': ' CONFIG_NET_RX_BUSY_POLL policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_NET_SB1000 policy<{'amd64': 'm', 'arm64': 'm', 'i386': 'm'}> CONFIG_NET_SCHED policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_NET_SCH_ATM policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm'}> CONFIG_NET_SCH_CAKE policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> -CONFIG_NET_SCH_CBQ policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_CBS policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_CHOKE policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_CODEL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_DEFAULT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_NET_SCH_DRR policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> -CONFIG_NET_SCH_DSMARK policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_ETF policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_FIFO policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_NET_SCH_FQ policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> diff --git a/debian.master/reconstruct b/debian.master/reconstruct index 2c63e622a..405cddef4 100644 --- a/debian.master/reconstruct +++ b/debian.master/reconstruct @@ -114,6 +114,9 @@ rm -f 'net/sched/cls_rsvp.c' rm -f 'net/sched/cls_rsvp.h' rm -f 'net/sched/cls_rsvp6.c' rm -f 'net/sched/cls_tcindex.c' +rm -f 'net/sched/sch_atm.c' +rm -f 'net/sched/sch_cbq.c' +rm -f 'net/sched/sch_dsmark.c' rm -f 'net/xfrm/xfrm_interface.c' rm -f 'tools/build/feature/test-libpython-version.c' exit 0 diff --git a/debian.master/tracking-bug b/debian.master/tracking-bug index 447449f48..9433dabc0 100644 --- a/debian.master/tracking-bug +++ b/debian.master/tracking-bug @@ -1 +1 @@ -2063685 s2024.04.01-1 +2063812 2024.04.29-1 diff --git a/debian.master/upstream-stable b/debian.master/upstream-stable index bb0a5d4a7..a9dbc070b 100644 --- a/debian.master/upstream-stable +++ b/debian.master/upstream-stable @@ -1,3 +1,3 @@ # The following upstream stable releases have been ported: [upstream-stable] - linux-5.4.y = v5.4.269 + linux-5.4.y = v5.4.271 diff --git a/debian/changelog b/debian/changelog index 202365838..2c5f8af22 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,159 @@ +linux-aws (5.4.0-1126.136) focal; urgency=medium + + * focal/linux-aws: 5.4.0-1126.136 -proposed tracker (LP: #2063766) + + [ Ubuntu: 5.4.0-186.206 ] + + * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812) + * Mount CIFS fails with Permission denied (LP: #2061986) + - cifs: fix ntlmssp auth when there is no key exchange + * USB stick can't be detected (LP: #2040948) + - usb: Disable USB3 LPM at shutdown + * CVE-2024-26733 + - net: dev: Convert sa_data to flexible array in struct sockaddr + - arp: Prevent overflow in arp_req_get(). + - stddef: Introduce DECLARE_FLEX_ARRAY() helper + * CVE-2024-26712 + - powerpc/kasan: Fix addr error caused by page alignment + * CVE-2023-52530 + - wifi: mac80211: fix potential key use-after-free + * CVE-2021-47063 + - drm: bridge/panel: Cleanup connector on bridge detach + * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array- + index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux- + hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times, + especially during boot. (LP: #2058477) + - hv: hyperv.h: Replace one-element array with flexible-array member + * CVE-2024-26614 + - tcp: make sure init the accept_queue's spinlocks once + - ipv6: init the accept_queue's spinlocks in inet6_create + * Focal update: v5.4.271 upstream stable release (LP: #2060216) + - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter + - net: ip_tunnel: prevent perpetual headroom growth + - tun: Fix xdp_rxq_info's queue_index when detaching + - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() + - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is + detected + - net: usb: dm9601: fix wrong return value in dm9601_mdio_read + - Bluetooth: Avoid potential use-after-free in hci_error_reset + - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST + - Bluetooth: Enforce validation on max value of connection interval + - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() + - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back + - efi/capsule-loader: fix incorrect allocation size + - power: supply: bq27xxx-i2c: Do not free non existing IRQ + - ALSA: Drop leftover snd-rtctimer stuff from Makefile + - afs: Fix endless loop in directory parsing + - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() + - wifi: nl80211: reject iftype change with mesh ID change + - btrfs: dev-replace: properly validate device names + - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read + - dmaengine: fsl-qdma: init irq after reg initialization + - mmc: core: Fix eMMC initialization with 1-bit bus connection + - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers + - cachefiles: fix memory leak in cachefiles_add_cache() + - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super + - gpio: 74x164: Enable output pins after registers are reset + - Linux 5.4.271 + * Focal update: v5.4.270 upstream stable release (LP: #2060019) + - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() + - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler + - net/sched: Retire CBQ qdisc + - [Config] updateconfigs for NET_SCH_CBQ + - net/sched: Retire ATM qdisc + - [Config] updateconfigs for NET_SCH_ATM + - net/sched: Retire dsmark qdisc + - [Config] updateconfigs for NET_SCH_DSMARK + - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset + - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() + - nilfs2: replace WARN_ONs for invalid DAT metadata block requests + - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb + - sched/rt: Fix sysctl_sched_rr_timeslice intial value + - sched/rt: Disallow writing invalid values to sched_rt_period_us + - scsi: target: core: Add TMF to tmr_list handling + - dmaengine: shdma: increase size of 'dev_id' + - dmaengine: fsl-qdma: increase size of 'irq_name' + - wifi: cfg80211: fix missing interfaces when dumping + - wifi: mac80211: fix race condition on enabling fast-xmit + - fbdev: savage: Error out if pixclock equals zero + - fbdev: sis: Error out if pixclock equals zero + - ahci: asm1166: correct count of reported ports + - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers + - ext4: avoid allocating blocks from corrupted group in + ext4_mb_try_best_found() + - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() + - regulator: pwm-regulator: Add validity checks in continuous .get_voltage + - nvmet-tcp: fix nvme tcp ida memory leak + - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 + - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in + sctp_new + - nvmet-fc: abort command when there is no binding + - hwmon: (coretemp) Enlarge per package core count limit + - scsi: lpfc: Use unsigned type for num_sge + - firewire: core: send bus reset promptly on gap count error + - virtio-blk: Ensure no requests in virtqueues before deleting vqs. + - s390/qeth: Fix potential loss of L3-IP@ in case of network issues + - pmdomain: renesas: r8a77980-sysc: CR7 must be always on + - tcp: factor out __tcp_close() helper + - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit + - tcp: add annotations around sk->sk_shutdown accesses + - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours + - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups + - spi: mt7621: Fix an error message in mt7621_spi_probe() + - net: bridge: clear bridge's private skb space on xmit + - selftests/bpf: Avoid running unprivileged tests with alignment requirements + - Revert "drm/sun4i: dsi: Change the start delay calculation" + - drm/amdgpu: Check for valid number of registers to read + - x86/alternatives: Disable KASAN in apply_alternatives() + - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() + - iomap: Set all uptodate bits for an Uptodate page + - drm/amdgpu: Fix type of second parameter in trans_msg() callback + - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node + - PCI: tegra: Fix reporting GPIO error value + - PCI: tegra: Fix OF node reference leak + - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error + - dm-crypt: don't modify the data when using authenticated encryption + - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() + - PCI/MSI: Prevent MSI hardware interrupt number truncation + - l2tp: pass correct message length to ip6_append_data + - ARM: ep93xx: Add terminator to gpiod_lookup_table + - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() + - usb: cdns3: fix memory double free when handle zero packet + - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs + - usb: roles: don't get/set_role() when usb_role_switch is unregistered + - IB/hfi1: Fix a memleak in init_credit_return + - RDMA/bnxt_re: Return error for SRQ resize + - RDMA/srpt: Make debug output more detailed + - RDMA/srpt: fix function pointer cast warnings + - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions + - bpf, scripts: Correct GPL license name + - scsi: jazz_esp: Only build if SCSI core is builtin + - nouveau: fix function cast warnings + - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid + - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid + - afs: Increase buffer size in afs_update_volume_status() + - ipv6: sr: fix possible use-after-free and null-ptr-deref + - packet: move from strlcpy with unused retval to strscpy + - s390: use the correct count for __iowrite64_copy() + - tls: rx: jump to a more appropriate label + - tls: rx: drop pointless else after goto + - tls: stop recv() if initial process_rx_list gave us non-DATA + - netfilter: nf_tables: set dormant flag on hook register failure + - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 + - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set + - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio + - scripts/bpf: Fix xdp_md forward declaration typo + - Linux 5.4.270 + * CVE-2023-47233 + - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach + * CVE-2021-47070 + - uio: uio_hv_generic: use devm_kzalloc() for private data alloc + - uio_hv_generic: Fix another memory leak in error handling paths + * CVE-2024-26622 + - tomoyo: fix UAF write bug in tomoyo_write_control() + + -- Philip Cox Fri, 10 May 2024 10:32:13 -0400 + linux-aws (5.4.0-1125.135) focal; urgency=medium * focal/linux-aws: 5.4.0-1125.135 -proposed tracker (LP: #2063639) diff --git a/debian/control b/debian/control index 5d55f8164..30bcfd3ae 100644 --- a/debian/control +++ b/debian/control @@ -55,7 +55,7 @@ Vcs-Git: git://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-aws/+git XS-Testsuite: autopkgtest #XS-Testsuite-Depends: gcc-4.7 binutils -Package: linux-aws-headers-5.4.0-1125 +Package: linux-aws-headers-5.4.0-1126 Build-Profiles: Architecture: all Multi-Arch: foreign @@ -66,46 +66,46 @@ Breaks: iscsitarget-dkms (<< 1.4.20.3+svn502-2ubuntu4.4) Description: Header files related to Linux kernel version 5.4.0 This package provides kernel header files for version 5.4.0, for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-aws-headers-5.4.0-1125/debian.README.gz for details + /usr/share/doc/linux-aws-headers-5.4.0-1126/debian.README.gz for details -Package: linux-aws-tools-5.4.0-1125 +Package: linux-aws-tools-5.4.0-1126 Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-tools-common -Description: Linux kernel version specific tools for version 5.4.0-1125 +Description: Linux kernel version specific tools for version 5.4.0-1126 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.4.0-1125 on + version 5.4.0-1126 on 64 bit x86. - You probably want to install linux-tools-5.4.0-1125-. + You probably want to install linux-tools-5.4.0-1126-. -Package: linux-aws-cloud-tools-5.4.0-1125 +Package: linux-aws-cloud-tools-5.4.0-1126 Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-cloud-tools-common -Description: Linux kernel version specific cloud tools for version 5.4.0-1125 +Description: Linux kernel version specific cloud tools for version 5.4.0-1126 This package provides the architecture dependant parts for kernel - version locked tools for cloud tools for version 5.4.0-1125 on + version locked tools for cloud tools for version 5.4.0-1126 on 64 bit x86. - You probably want to install linux-cloud-tools-5.4.0-1125-. + You probably want to install linux-cloud-tools-5.4.0-1126-. -Package: linux-image-unsigned-5.4.0-1125-aws +Package: linux-image-unsigned-5.4.0-1126-aws Build-Profiles: Architecture: amd64 arm64 Section: kernel Priority: optional Provides: linux-image, fuse-module, aufs-dkms, ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-1125-aws +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-1126-aws Recommends: grub-pc [amd64] | grub-efi-amd64 [amd64] | grub-efi-ia32 [amd64] | grub [amd64] | lilo [amd64] | grub-efi-arm64 [arm64], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-5.4.0-1125-aws -Suggests: fdutils, linux-aws-doc-5.4.0 | linux-aws-source-5.4.0, linux-aws-tools, linux-headers-5.4.0-1125-aws +Conflicts: linux-image-5.4.0-1126-aws +Suggests: fdutils, linux-aws-doc-5.4.0 | linux-aws-source-5.4.0, linux-aws-tools, linux-headers-5.4.0-1126-aws Description: Linux kernel image for version 5.4.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 5.4.0 on 64 bit x86 SMP. @@ -118,7 +118,7 @@ Description: Linux kernel image for version 5.4.0 on 64 bit x86 SMP the linux-aws meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-5.4.0-1125-aws +Package: linux-modules-5.4.0-1126-aws Build-Profiles: Architecture: amd64 arm64 Section: kernel @@ -138,12 +138,12 @@ Description: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP the linux-aws meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-5.4.0-1125-aws +Package: linux-modules-extra-5.4.0-1126-aws Build-Profiles: Architecture: amd64 arm64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-1125-aws | linux-image-unsigned-5.4.0-1125-aws, crda | wireless-crda +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-1126-aws | linux-image-unsigned-5.4.0-1126-aws, crda | wireless-crda Description: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP. @@ -156,21 +156,21 @@ Description: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP the linux-modules-extra-aws meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-5.4.0-1125-aws +Package: linux-headers-5.4.0-1126-aws Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-aws-headers-5.4.0-1125, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-aws-headers-5.4.0-1126, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 5.4.0 on 64 bit x86 SMP This package provides kernel header files for version 5.4.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.4.0-1125/debian.README.gz for details. + /usr/share/doc/linux-headers-5.4.0-1126/debian.README.gz for details. -Package: linux-image-unsigned-5.4.0-1125-aws-dbgsym +Package: linux-image-unsigned-5.4.0-1126-aws-dbgsym Build-Profiles: Architecture: amd64 arm64 Section: devel @@ -187,27 +187,27 @@ Description: Linux kernel debug image for version 5.4.0 on 64 bit x86 SMP is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-5.4.0-1125-aws +Package: linux-tools-5.4.0-1126-aws Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-aws-tools-5.4.0-1125 -Description: Linux kernel version specific tools for version 5.4.0-1125 +Depends: ${misc:Depends}, linux-aws-tools-5.4.0-1126 +Description: Linux kernel version specific tools for version 5.4.0-1126 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.4.0-1125 on + version 5.4.0-1126 on 64 bit x86. -Package: linux-cloud-tools-5.4.0-1125-aws +Package: linux-cloud-tools-5.4.0-1126-aws Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-aws-cloud-tools-5.4.0-1125 -Description: Linux kernel version specific cloud tools for version 5.4.0-1125 +Depends: ${misc:Depends}, linux-aws-cloud-tools-5.4.0-1126 +Description: Linux kernel version specific cloud tools for version 5.4.0-1126 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 5.4.0-1125 on + version locked tools for cloud for version 5.4.0-1126 on 64 bit x86. Package: linux-udebs-aws @@ -221,7 +221,7 @@ Description: Metapackage depending on kernel udebs for easier version and migration tracking. -Package: linux-buildinfo-5.4.0-1125-aws +Package: linux-buildinfo-5.4.0-1126-aws Build-Profiles: Architecture: amd64 arm64 Section: kernel diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index a8118fc06..f38cb0e93 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -48,6 +48,7 @@ enum { enum board_ids { /* board IDs by feature in alphabetical order */ board_ahci, + board_ahci_43bit_dma, board_ahci_ign_iferr, board_ahci_mobile, board_ahci_nomsi, @@ -126,6 +127,13 @@ static const struct ata_port_info ahci_port_info[] = { .udma_mask = ATA_UDMA6, .port_ops = &ahci_ops, }, + [board_ahci_43bit_dma] = { + AHCI_HFLAGS (AHCI_HFLAG_43BIT_ONLY), + .flags = AHCI_FLAG_COMMON, + .pio_mask = ATA_PIO4, + .udma_mask = ATA_UDMA6, + .port_ops = &ahci_ops, + }, [board_ahci_ign_iferr] = { AHCI_HFLAGS (AHCI_HFLAG_IGN_IRQ_IF_ERR), .flags = AHCI_FLAG_COMMON, @@ -563,11 +571,11 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(PROMISE, 0x3f20), board_ahci }, /* PDC42819 */ { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */ - /* Asmedia */ + /* ASMedia */ { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */ { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci }, /* ASM1060 */ - { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci }, /* ASM1061 */ - { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ + { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci_43bit_dma }, /* ASM1061 */ + { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci_43bit_dma }, /* ASM1061/1062 */ { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci }, /* ASM1061R */ { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci }, /* ASM1062R */ @@ -620,6 +628,11 @@ MODULE_PARM_DESC(mobile_lpm_policy, "Default LPM policy for mobile chipsets"); static void ahci_pci_save_initial_config(struct pci_dev *pdev, struct ahci_host_priv *hpriv) { + if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == 0x1166) { + dev_info(&pdev->dev, "ASM1166 has only six ports\n"); + hpriv->saved_port_map = 0x3f; + } + if (pdev->vendor == PCI_VENDOR_ID_JMICRON && pdev->device == 0x2361) { dev_info(&pdev->dev, "JMB361 has only one port\n"); hpriv->force_port_map = 1; @@ -913,11 +926,20 @@ static int ahci_pci_device_resume(struct device *dev) #endif /* CONFIG_PM */ -static int ahci_configure_dma_masks(struct pci_dev *pdev, int using_dac) +static int ahci_configure_dma_masks(struct pci_dev *pdev, + struct ahci_host_priv *hpriv) { - const int dma_bits = using_dac ? 64 : 32; + int dma_bits; int rc; + if (hpriv->cap & HOST_CAP_64) { + dma_bits = 64; + if (hpriv->flags & AHCI_HFLAG_43BIT_ONLY) + dma_bits = 43; + } else { + dma_bits = 32; + } + /* * If the device fixup already set the dma_mask to some non-standard * value, don't extend it here. This happens on STA2X11, for example. @@ -1894,7 +1916,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) ahci_gtf_filter_workaround(host); /* initialize adapter */ - rc = ahci_configure_dma_masks(pdev, hpriv->cap & HOST_CAP_64); + rc = ahci_configure_dma_masks(pdev, hpriv); if (rc) return rc; diff --git a/drivers/ata/ahci.h b/drivers/ata/ahci.h index 7cc6feb17..b8db2b0d7 100644 --- a/drivers/ata/ahci.h +++ b/drivers/ata/ahci.h @@ -244,6 +244,7 @@ enum { AHCI_HFLAG_IGN_NOTSUPP_POWER_ON = BIT(27), /* ignore -EOPNOTSUPP from phy_power_on() */ AHCI_HFLAG_NO_SXS = BIT(28), /* SXS not supported */ + AHCI_HFLAG_43BIT_ONLY = BIT(29), /* 43bit DMA addr limit */ /* ap->flags bits */ diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index 394ced89f..3639545e5 100644 --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c @@ -1064,14 +1064,15 @@ static int virtblk_freeze(struct virtio_device *vdev) { struct virtio_blk *vblk = vdev->priv; + /* Ensure no requests in virtqueues before deleting vqs. */ + blk_mq_freeze_queue(vblk->disk->queue); + /* Ensure we don't receive any more interrupts */ vdev->config->reset(vdev); /* Make sure no work handler is accessing the device. */ flush_work(&vblk->config_work); - blk_mq_quiesce_queue(vblk->disk->queue); - vdev->config->del_vqs(vdev); kfree(vblk->vqs); @@ -1089,7 +1090,7 @@ static int virtblk_restore(struct virtio_device *vdev) virtio_device_ready(vdev); - blk_mq_unquiesce_queue(vblk->disk->queue); + blk_mq_unfreeze_queue(vblk->disk->queue); return 0; } #endif diff --git a/drivers/dma/fsl-qdma.c b/drivers/dma/fsl-qdma.c index ad5818c0c..bd9b68e21 100644 --- a/drivers/dma/fsl-qdma.c +++ b/drivers/dma/fsl-qdma.c @@ -109,6 +109,7 @@ #define FSL_QDMA_CMD_WTHROTL_OFFSET 20 #define FSL_QDMA_CMD_DSEN_OFFSET 19 #define FSL_QDMA_CMD_LWC_OFFSET 16 +#define FSL_QDMA_CMD_PF BIT(17) /* Field definition for Descriptor offset */ #define QDMA_CCDF_STATUS 20 @@ -372,7 +373,8 @@ static void fsl_qdma_comp_fill_memcpy(struct fsl_qdma_comp *fsl_comp, qdma_csgf_set_f(csgf_dest, len); /* Descriptor Buffer */ cmd = cpu_to_le32(FSL_QDMA_CMD_RWTTYPE << - FSL_QDMA_CMD_RWTTYPE_OFFSET); + FSL_QDMA_CMD_RWTTYPE_OFFSET) | + FSL_QDMA_CMD_PF; sdf->data = QDMA_SDDF_CMD(cmd); cmd = cpu_to_le32(FSL_QDMA_CMD_RWTTYPE << @@ -754,7 +756,7 @@ fsl_qdma_irq_init(struct platform_device *pdev, int i; int cpu; int ret; - char irq_name[20]; + char irq_name[32]; fsl_qdma->error_irq = platform_get_irq_byname(pdev, "qdma-error"); @@ -1150,10 +1152,6 @@ static int fsl_qdma_probe(struct platform_device *pdev) if (!fsl_qdma->queue) return -ENOMEM; - ret = fsl_qdma_irq_init(pdev, fsl_qdma); - if (ret) - return ret; - fsl_qdma->irq_base = platform_get_irq_byname(pdev, "qdma-queue0"); if (fsl_qdma->irq_base < 0) return fsl_qdma->irq_base; @@ -1192,16 +1190,19 @@ static int fsl_qdma_probe(struct platform_device *pdev) platform_set_drvdata(pdev, fsl_qdma); - ret = dma_async_device_register(&fsl_qdma->dma_dev); + ret = fsl_qdma_reg_init(fsl_qdma); if (ret) { - dev_err(&pdev->dev, - "Can't register NXP Layerscape qDMA engine.\n"); + dev_err(&pdev->dev, "Can't Initialize the qDMA engine.\n"); return ret; } - ret = fsl_qdma_reg_init(fsl_qdma); + ret = fsl_qdma_irq_init(pdev, fsl_qdma); + if (ret) + return ret; + + ret = dma_async_device_register(&fsl_qdma->dma_dev); if (ret) { - dev_err(&pdev->dev, "Can't Initialize the qDMA engine.\n"); + dev_err(&pdev->dev, "Can't register NXP Layerscape qDMA engine.\n"); return ret; } diff --git a/drivers/dma/sh/shdma.h b/drivers/dma/sh/shdma.h index 9c121a4b3..f97d80343 100644 --- a/drivers/dma/sh/shdma.h +++ b/drivers/dma/sh/shdma.h @@ -25,7 +25,7 @@ struct sh_dmae_chan { const struct sh_dmae_slave_config *config; /* Slave DMA configuration */ int xmit_shift; /* log_2(bytes_per_xfer) */ void __iomem *base; - char dev_id[16]; /* unique name per DMAC of channel */ + char dev_id[32]; /* unique name per DMAC of channel */ int pm_error; dma_addr_t slave_addr; }; diff --git a/drivers/firewire/core-card.c b/drivers/firewire/core-card.c index f3b3953ca..be195ba83 100644 --- a/drivers/firewire/core-card.c +++ b/drivers/firewire/core-card.c @@ -429,7 +429,23 @@ static void bm_work(struct work_struct *work) */ card->bm_generation = generation; - if (root_device == NULL) { + if (card->gap_count == 0) { + /* + * If self IDs have inconsistent gap counts, do a + * bus reset ASAP. The config rom read might never + * complete, so don't wait for it. However, still + * send a PHY configuration packet prior to the + * bus reset. The PHY configuration packet might + * fail, but 1394-2008 8.4.5.2 explicitly permits + * it in this case, so it should be safe to try. + */ + new_root_id = local_id; + /* + * We must always send a bus reset if the gap count + * is inconsistent, so bypass the 5-reset limit. + */ + card->bm_retries = 0; + } else if (root_device == NULL) { /* * Either link_on is false, or we failed to read the * config rom. In either case, pick another root. diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c index b82cc8bea..78c02717c 100644 --- a/drivers/firmware/efi/capsule-loader.c +++ b/drivers/firmware/efi/capsule-loader.c @@ -291,7 +291,7 @@ static int efi_capsule_open(struct inode *inode, struct file *file) return -ENOMEM; } - cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); + cap_info->phys = kzalloc(sizeof(phys_addr_t), GFP_KERNEL); if (!cap_info->phys) { kfree(cap_info->pages); kfree(cap_info); diff --git a/drivers/gpio/gpio-74x164.c b/drivers/gpio/gpio-74x164.c index e81307f97..30aa7f82f 100644 --- a/drivers/gpio/gpio-74x164.c +++ b/drivers/gpio/gpio-74x164.c @@ -128,8 +128,6 @@ static int gen_74x164_probe(struct spi_device *spi) if (IS_ERR(chip->gpiod_oe)) return PTR_ERR(chip->gpiod_oe); - gpiod_set_value_cansleep(chip->gpiod_oe, 1); - spi_set_drvdata(spi, chip); chip->gpio_chip.label = spi->modalias; @@ -154,6 +152,8 @@ static int gen_74x164_probe(struct spi_device *spi) goto exit_destroy; } + gpiod_set_value_cansleep(chip->gpiod_oe, 1); + ret = gpiochip_add_data(&chip->gpio_chip, chip); if (!ret) return 0; diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c index 26a1173df..1f4acb4c3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c @@ -650,6 +650,9 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file if (info->read_mmr_reg.count > 128) return -EINVAL; + if (info->read_mmr_reg.count > 128) + return -EINVAL; + regs = kmalloc_array(info->read_mmr_reg.count, sizeof(*regs), GFP_KERNEL); if (!regs) return -ENOMEM; diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h index b0b2bdc75..3e59b4e15 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h @@ -48,6 +48,8 @@ struct amdgpu_vf_error_buffer { uint64_t data[AMDGPU_VF_ERROR_ENTRY_SIZE]; }; +enum idh_request; + /** * struct amdgpu_virt_ops - amdgpu device virt operations */ @@ -56,7 +58,8 @@ struct amdgpu_virt_ops { int (*rel_full_gpu)(struct amdgpu_device *adev, bool init); int (*reset_gpu)(struct amdgpu_device *adev); int (*wait_reset)(struct amdgpu_device *adev); - void (*trans_msg)(struct amdgpu_device *adev, u32 req, u32 data1, u32 data2, u32 data3); + void (*trans_msg)(struct amdgpu_device *adev, enum idh_request req, + u32 data1, u32 data2, u32 data3); int (*get_pp_clk)(struct amdgpu_device *adev, u32 type, char *buf); int (*force_dpm_level)(struct amdgpu_device *adev, u32 level); }; diff --git a/drivers/gpu/drm/bridge/panel.c b/drivers/gpu/drm/bridge/panel.c index b12ae3a4c..8f9ddd30b 100644 --- a/drivers/gpu/drm/bridge/panel.c +++ b/drivers/gpu/drm/bridge/panel.c @@ -87,8 +87,17 @@ static int panel_bridge_attach(struct drm_bridge *bridge) static void panel_bridge_detach(struct drm_bridge *bridge) { struct panel_bridge *panel_bridge = drm_bridge_to_panel_bridge(bridge); + struct drm_connector *connector = &panel_bridge->connector; - drm_panel_detach(panel_bridge->panel); + /* + * Cleanup the connector if we know it was initialized. + * + * FIXME: This wouldn't be needed if the panel_bridge structure was + * allocated with drmm_kzalloc(). This might be tricky since the + * drm_device pointer can only be retrieved when the bridge is attached. + */ + if (connector->dev) + drm_connector_cleanup(connector); } static void panel_bridge_pre_enable(struct drm_bridge *bridge) diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c index 8b155e337..9baf95a4f 100644 --- a/drivers/gpu/drm/drm_syncobj.c +++ b/drivers/gpu/drm/drm_syncobj.c @@ -325,6 +325,15 @@ int drm_syncobj_find_fence(struct drm_file *file_private, if (!syncobj) return -ENOENT; + /* Waiting for userspace with locks help is illegal cause that can + * trivial deadlock with page faults for example. Make lockdep complain + * about it early on. + */ + if (flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT) { + might_sleep(); + lockdep_assert_none_held_once(); + } + *fence = drm_syncobj_fence_get(syncobj); if (*fence) { @@ -889,6 +898,10 @@ static signed long drm_syncobj_array_wait_timeout(struct drm_syncobj **syncobjs, uint64_t *points; uint32_t signaled_count, i; + if (flags & (DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT | + DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE)) + lockdep_assert_none_held_once(); + points = kmalloc_array(count, sizeof(*points), GFP_KERNEL); if (points == NULL) return -ENOMEM; @@ -955,7 +968,8 @@ static signed long drm_syncobj_array_wait_timeout(struct drm_syncobj **syncobjs, * fallthough and try a 0 timeout wait! */ - if (flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT) { + if (flags & (DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT | + DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE)) { for (i = 0; i < count; ++i) drm_syncobj_fence_add_wait(syncobjs[i], &entries[i]); } diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c index 4b571cc6b..6597def18 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c @@ -154,11 +154,17 @@ shadow_fw_init(struct nvkm_bios *bios, const char *name) return (void *)fw; } +static void +shadow_fw_release(void *fw) +{ + release_firmware(fw); +} + static const struct nvbios_source shadow_fw = { .name = "firmware", .init = shadow_fw_init, - .fini = (void(*)(void *))release_firmware, + .fini = shadow_fw_release, .read = shadow_fw_read, .rw = false, }; diff --git a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c index f2b288037..a18efd305 100644 --- a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c +++ b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c @@ -365,8 +365,7 @@ static void sun6i_dsi_inst_init(struct sun6i_dsi *dsi, static u16 sun6i_dsi_get_video_start_delay(struct sun6i_dsi *dsi, struct drm_display_mode *mode) { - u16 start = clamp(mode->vtotal - mode->vdisplay - 10, 8, 100); - u16 delay = mode->vtotal - (mode->vsync_end - mode->vdisplay) + start; + u16 delay = mode->vtotal - (mode->vsync_end - mode->vdisplay) + 1; if (delay > mode->vtotal) delay = delay % mode->vtotal; diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ecee12d03..04acb8274 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -40,7 +40,7 @@ MODULE_PARM_DESC(tjmax, "TjMax value in degrees Celsius"); #define PKG_SYSFS_ATTR_NO 1 /* Sysfs attribute for package temp */ #define BASE_SYSFS_ATTR_NO 2 /* Sysfs Base attr no for coretemp */ -#define NUM_REAL_CORES 128 /* Number of Real cores per cpu */ +#define NUM_REAL_CORES 512 /* Number of Real cores per cpu */ #define CORETEMP_NAME_LENGTH 28 /* String Length of attrs */ #define MAX_CORE_ATTRS 4 /* Maximum no of basic attrs */ #define TOTAL_ATTRS (MAX_CORE_ATTRS + 1) diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c index af68d735a..d7ad1e88c 100644 --- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c +++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c @@ -1625,7 +1625,7 @@ int bnxt_re_modify_srq(struct ib_srq *ib_srq, struct ib_srq_attr *srq_attr, switch (srq_attr_mask) { case IB_SRQ_MAX_WR: /* SRQ resize is not supported */ - break; + return -EINVAL; case IB_SRQ_LIMIT: /* Change the SRQ threshold */ if (srq_attr->srq_limit > srq->qplib_srq.max_wqe) @@ -1640,13 +1640,12 @@ int bnxt_re_modify_srq(struct ib_srq *ib_srq, struct ib_srq_attr *srq_attr, /* On success, update the shadow */ srq->srq_limit = srq_attr->srq_limit; /* No need to Build and send response back to udata */ - break; + return 0; default: dev_err(rdev_to_dev(rdev), "Unsupported srq_attr_mask 0x%x", srq_attr_mask); return -EINVAL; } - return 0; } int bnxt_re_query_srq(struct ib_srq *ib_srq, struct ib_srq_attr *srq_attr) diff --git a/drivers/infiniband/hw/hfi1/pio.c b/drivers/infiniband/hw/hfi1/pio.c index fa5de3620..8303c5067 100644 --- a/drivers/infiniband/hw/hfi1/pio.c +++ b/drivers/infiniband/hw/hfi1/pio.c @@ -2131,7 +2131,7 @@ int init_credit_return(struct hfi1_devdata *dd) "Unable to allocate credit return DMA range for NUMA %d\n", i); ret = -ENOMEM; - goto done; + goto free_cr_base; } } set_dev_node(&dd->pcidev->dev, dd->node); @@ -2139,6 +2139,10 @@ int init_credit_return(struct hfi1_devdata *dd) ret = 0; done: return ret; + +free_cr_base: + free_credit_return(dd); + goto done; } void free_credit_return(struct hfi1_devdata *dd) diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c index 057c9ffcd..e4d5c33ba 100644 --- a/drivers/infiniband/hw/hfi1/sdma.c +++ b/drivers/infiniband/hw/hfi1/sdma.c @@ -3203,7 +3203,7 @@ int _pad_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx) { int rval = 0; - if ((unlikely(tx->num_desc + 1 == tx->desc_limit))) { + if ((unlikely(tx->num_desc == tx->desc_limit))) { rval = _extend_sdma_tx_descs(dd, tx); if (rval) { __sdma_txclean(dd, tx); diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 2822ca5e8..d03a4f2e0 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -213,12 +213,15 @@ static const char *get_ch_state_name(enum rdma_ch_state s) /** * srpt_qp_event - QP event callback function * @event: Description of the event that occurred. - * @ch: SRPT RDMA channel. + * @ptr: SRPT RDMA channel. */ -static void srpt_qp_event(struct ib_event *event, struct srpt_rdma_ch *ch) +static void srpt_qp_event(struct ib_event *event, void *ptr) { - pr_debug("QP event %d on ch=%p sess_name=%s state=%d\n", - event->event, ch, ch->sess_name, ch->state); + struct srpt_rdma_ch *ch = ptr; + + pr_debug("QP event %d on ch=%p sess_name=%s-%d state=%s\n", + event->event, ch, ch->sess_name, ch->qp->qp_num, + get_ch_state_name(ch->state)); switch (event->event) { case IB_EVENT_COMM_EST: @@ -1801,8 +1804,7 @@ static int srpt_create_ch_ib(struct srpt_rdma_ch *ch) } qp_init->qp_context = (void *)ch; - qp_init->event_handler - = (void(*)(struct ib_event *, void*))srpt_qp_event; + qp_init->event_handler = srpt_qp_event; qp_init->send_cq = ch->cq; qp_init->recv_cq = ch->cq; qp_init->sq_sig_type = IB_SIGNAL_REQ_WR; @@ -2005,8 +2007,8 @@ static void __srpt_close_all_ch(struct srpt_port *sport) list_for_each_entry(nexus, &sport->nexus_list, entry) { list_for_each_entry(ch, &nexus->ch_list, list) { if (srpt_disconnect_ch(ch) >= 0) - pr_info("Closing channel %s because target %s_%d has been disabled\n", - ch->sess_name, + pr_info("Closing channel %s-%d because target %s_%d has been disabled\n", + ch->sess_name, ch->qp->qp_num, dev_name(&sport->sdev->device->dev), sport->port); srpt_close_ch(ch); diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 4301f22bb..6b4fb4e75 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -1627,6 +1627,12 @@ static void kcryptd_crypt_write_convert(struct dm_crypt_io *io) io->ctx.bio_out = clone; io->ctx.iter_out = clone->bi_iter; + if (crypt_integrity_aead(cc)) { + bio_copy_data(clone, io->base_bio); + io->ctx.bio_in = clone; + io->ctx.iter_in = clone->bi_iter; + } + sector += bio_sectors(clone); crypt_inc_pending(io); diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 81157801a..f3246f740 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -1582,11 +1582,12 @@ static void integrity_metadata(struct work_struct *w) } __bio_for_each_segment(bv, bio, iter, dio->bio_details.bi_iter) { + struct bio_vec bv_copy = bv; unsigned pos; char *mem, *checksums_ptr; again: - mem = (char *)kmap_atomic(bv.bv_page) + bv.bv_offset; + mem = (char *)kmap_atomic(bv_copy.bv_page) + bv_copy.bv_offset; pos = 0; checksums_ptr = checksums; do { @@ -1595,7 +1596,7 @@ static void integrity_metadata(struct work_struct *w) sectors_to_process -= ic->sectors_per_block; pos += ic->sectors_per_block << SECTOR_SHIFT; sector += ic->sectors_per_block; - } while (pos < bv.bv_len && sectors_to_process && checksums != checksums_onstack); + } while (pos < bv_copy.bv_len && sectors_to_process && checksums != checksums_onstack); kunmap_atomic(mem); r = dm_integrity_rw_tag(ic, checksums, &dio->metadata_block, &dio->metadata_offset, @@ -1615,9 +1616,9 @@ static void integrity_metadata(struct work_struct *w) if (!sectors_to_process) break; - if (unlikely(pos < bv.bv_len)) { - bv.bv_offset += pos; - bv.bv_len -= pos; + if (unlikely(pos < bv_copy.bv_len)) { + bv_copy.bv_offset += pos; + bv_copy.bv_len -= pos; goto again; } } diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c index ed939bb2f..8433af39c 100644 --- a/drivers/mmc/core/mmc.c +++ b/drivers/mmc/core/mmc.c @@ -991,10 +991,12 @@ static int mmc_select_bus_width(struct mmc_card *card) static unsigned ext_csd_bits[] = { EXT_CSD_BUS_WIDTH_8, EXT_CSD_BUS_WIDTH_4, + EXT_CSD_BUS_WIDTH_1, }; static unsigned bus_widths[] = { MMC_BUS_WIDTH_8, MMC_BUS_WIDTH_4, + MMC_BUS_WIDTH_1, }; struct mmc_host *host = card->host; unsigned idx, bus_width = 0; diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index c2e649a4f..e5961082a 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -1377,26 +1377,26 @@ static int __init gtp_init(void) get_random_bytes(>p_h_initval, sizeof(gtp_h_initval)); - err = rtnl_link_register(>p_link_ops); + err = register_pernet_subsys(>p_net_ops); if (err < 0) goto error_out; - err = genl_register_family(>p_genl_family); + err = rtnl_link_register(>p_link_ops); if (err < 0) - goto unreg_rtnl_link; + goto unreg_pernet_subsys; - err = register_pernet_subsys(>p_net_ops); + err = genl_register_family(>p_genl_family); if (err < 0) - goto unreg_genl_family; + goto unreg_rtnl_link; pr_info("GTP module loaded (pdp ctx size %zd bytes)\n", sizeof(struct pdp_ctx)); return 0; -unreg_genl_family: - genl_unregister_family(>p_genl_family); unreg_rtnl_link: rtnl_link_unregister(>p_link_ops); +unreg_pernet_subsys: + unregister_pernet_subsys(>p_net_ops); error_out: pr_err("error loading GTP module loaded\n"); return err; diff --git a/drivers/net/tun.c b/drivers/net/tun.c index c595262c1..47958e6bd 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -715,6 +715,7 @@ static void __tun_detach(struct tun_file *tfile, bool clean) tun->tfiles[tun->numqueues - 1]); ntfile = rtnl_dereference(tun->tfiles[index]); ntfile->queue_index = index; + ntfile->xdp_rxq.queue_index = index; rcu_assign_pointer(tun->tfiles[tun->numqueues - 1], NULL); diff --git a/drivers/net/usb/dm9601.c b/drivers/net/usb/dm9601.c index 5aad26600..9b7db5fd9 100644 --- a/drivers/net/usb/dm9601.c +++ b/drivers/net/usb/dm9601.c @@ -231,7 +231,7 @@ static int dm9601_mdio_read(struct net_device *netdev, int phy_id, int loc) err = dm_read_shared_word(dev, 1, loc, &res); if (err < 0) { netdev_err(dev->net, "MDIO read error: %d\n", err); - return err; + return 0; } netdev_dbg(dev->net, diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index b51017966..454a03f0b 100644 --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c @@ -2535,7 +2535,8 @@ static int lan78xx_reset(struct lan78xx_net *dev) if (dev->chipid == ID_REV_CHIP_ID_7801_) buf &= ~MAC_CR_GMII_EN_; - if (dev->chipid == ID_REV_CHIP_ID_7800_) { + if (dev->chipid == ID_REV_CHIP_ID_7800_ || + dev->chipid == ID_REV_CHIP_ID_7850_) { ret = lan78xx_read_raw_eeprom(dev, 0, 1, &sig); if (!ret && sig != EEPROM_INDICATOR) { /* Implies there is no external eeprom. Set mac speed */ diff --git a/drivers/nvme/target/fc.c b/drivers/nvme/target/fc.c index e77496759..f5f431fab 100644 --- a/drivers/nvme/target/fc.c +++ b/drivers/nvme/target/fc.c @@ -796,6 +796,9 @@ nvmet_fc_alloc_target_assoc(struct nvmet_fc_tgtport *tgtport) int idx; bool needrandom = true; + if (!tgtport->pe) + return NULL; + assoc = kzalloc(sizeof(*assoc), GFP_KERNEL); if (!assoc) return NULL; @@ -2183,8 +2186,9 @@ nvmet_fc_handle_fcp_rqst(struct nvmet_fc_tgtport *tgtport, fod->req.cmd = &fod->cmdiubuf.sqe; fod->req.cqe = &fod->rspiubuf.cqe; - if (tgtport->pe) - fod->req.port = tgtport->pe->port; + if (!tgtport->pe) + goto transport_error; + fod->req.port = tgtport->pe->port; /* clear any response payload */ memset(&fod->rspiubuf, 0, sizeof(fod->rspiubuf)); diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c index be9e97657..d40bd5753 100644 --- a/drivers/nvme/target/tcp.c +++ b/drivers/nvme/target/tcp.c @@ -1817,6 +1817,7 @@ static void __exit nvmet_tcp_exit(void) flush_scheduled_work(); destroy_workqueue(nvmet_tcp_wq); + ida_destroy(&nvmet_tcp_queue_ida); } module_init(nvmet_tcp_init); diff --git a/drivers/pci/controller/pci-tegra.c b/drivers/pci/controller/pci-tegra.c index 99d505a85..74c0ddd43 100644 --- a/drivers/pci/controller/pci-tegra.c +++ b/drivers/pci/controller/pci-tegra.c @@ -2267,13 +2267,15 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) rp->np = port; rp->base = devm_pci_remap_cfg_resource(dev, &rp->regs); - if (IS_ERR(rp->base)) - return PTR_ERR(rp->base); + if (IS_ERR(rp->base)) { + err = PTR_ERR(rp->base); + goto err_node_put; + } label = devm_kasprintf(dev, GFP_KERNEL, "pex-reset-%u", index); if (!label) { - dev_err(dev, "failed to create reset GPIO label\n"); - return -ENOMEM; + err = -ENOMEM; + goto err_node_put; } /* @@ -2289,9 +2291,10 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) if (PTR_ERR(rp->reset_gpio) == -ENOENT) { rp->reset_gpio = NULL; } else { - dev_err(dev, "failed to get reset GPIO: %d\n", - err); - return PTR_ERR(rp->reset_gpio); + dev_err(dev, "failed to get reset GPIO: %ld\n", + PTR_ERR(rp->reset_gpio)); + err = PTR_ERR(rp->reset_gpio); + goto err_node_put; } } diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c index 16e294623..7e98fd85b 100644 --- a/drivers/pci/msi.c +++ b/drivers/pci/msi.c @@ -1421,7 +1421,7 @@ irq_hw_number_t pci_msi_domain_calc_hwirq(struct pci_dev *dev, { return (irq_hw_number_t)desc->msi_attrib.entry_nr | pci_dev_id(dev) << 11 | - (pci_domain_nr(dev->bus) & 0xFFFFFFFF) << 27; + ((irq_hw_number_t)(pci_domain_nr(dev->bus) & 0xFFFFFFFF)) << 27; } static inline bool pci_msi_desc_is_multi_msi(struct msi_desc *desc) diff --git a/drivers/pinctrl/pinctrl-rockchip.c b/drivers/pinctrl/pinctrl-rockchip.c index 4b972be34..9388d6fac 100644 --- a/drivers/pinctrl/pinctrl-rockchip.c +++ b/drivers/pinctrl/pinctrl-rockchip.c @@ -62,7 +62,7 @@ enum rockchip_pinctrl_type { RK3399, }; -/** +/* * Encode variants of iomux registers into a type variable */ #define IOMUX_GPIO_ONLY BIT(0) @@ -72,6 +72,7 @@ enum rockchip_pinctrl_type { #define IOMUX_WIDTH_3BIT BIT(4) /** + * struct rockchip_iomux * @type: iomux variant using IOMUX_* constants * @offset: if initialized to -1 it will be autocalculated, by specifying * an initial offset value the relevant source offset can be reset @@ -82,7 +83,7 @@ struct rockchip_iomux { int offset; }; -/** +/* * enum type index corresponding to rockchip_perpin_drv_list arrays index. */ enum rockchip_pin_drv_type { @@ -94,7 +95,7 @@ enum rockchip_pin_drv_type { DRV_TYPE_MAX }; -/** +/* * enum type index corresponding to rockchip_pull_list arrays index. */ enum rockchip_pin_pull_type { @@ -104,6 +105,7 @@ enum rockchip_pin_pull_type { }; /** + * struct rockchip_drv * @drv_type: drive strength variant using rockchip_perpin_drv_type * @offset: if initialized to -1 it will be autocalculated, by specifying * an initial offset value the relevant source offset can be reset @@ -117,8 +119,9 @@ struct rockchip_drv { }; /** + * struct rockchip_pin_bank * @reg_base: register base of the gpio bank - * @reg_pull: optional separate register for additional pull settings + * @regmap_pull: optional separate register for additional pull settings * @clk: clock of the gpio bank * @irq: interrupt of the gpio bank * @saved_masks: Saved content of GPIO_INTEN at suspend time. @@ -136,6 +139,8 @@ struct rockchip_drv { * @gpio_chip: gpiolib chip * @grange: gpio range * @slock: spinlock for the gpio bank + * @toggle_edge_mode: bit mask to toggle (falling/rising) edge mode + * @recalced_mask: bit mask to indicate a need to recalulate the mask * @route_mask: bits describing the routing pins of per bank */ struct rockchip_pin_bank { @@ -310,6 +315,7 @@ enum rockchip_mux_route_location { * @bank_num: bank number. * @pin: index at register or used to calc index. * @func: the min pin. + * @route_location: the mux route location (same, pmu, grf). * @route_offset: the max pin. * @route_val: the register offset. */ @@ -322,8 +328,6 @@ struct rockchip_mux_route_data { u32 route_val; }; -/** - */ struct rockchip_pin_ctrl { struct rockchip_pin_bank *pin_banks; u32 nr_banks; @@ -361,9 +365,7 @@ struct rockchip_pin_config { * @name: name of the pin group, used to lookup the group. * @pins: the pins included in this group. * @npins: number of pins included in this group. - * @func: the mux function number to be programmed when selected. - * @configs: the config values to be set for each pin - * @nconfigs: number of configs for each pin + * @data: local pin configuration */ struct rockchip_pin_group { const char *name; @@ -376,7 +378,7 @@ struct rockchip_pin_group { * struct rockchip_pmx_func: represent a pin function. * @name: name of the pin function, used to lookup the function. * @groups: one or more names of pin groups that provide this function. - * @num_groups: number of groups included in @groups. + * @ngroups: number of groups included in @groups. */ struct rockchip_pmx_func { const char *name; @@ -2534,6 +2536,7 @@ static int rockchip_pinctrl_parse_groups(struct device_node *np, np_config = of_find_node_by_phandle(be32_to_cpup(phandle)); ret = pinconf_generic_parse_dt_config(np_config, NULL, &grp->data[j].configs, &grp->data[j].nconfigs); + of_node_put(np_config); if (ret) return ret; } diff --git a/drivers/power/supply/bq27xxx_battery_i2c.c b/drivers/power/supply/bq27xxx_battery_i2c.c index 01800cd97..08c7e2b41 100644 --- a/drivers/power/supply/bq27xxx_battery_i2c.c +++ b/drivers/power/supply/bq27xxx_battery_i2c.c @@ -217,7 +217,9 @@ static int bq27xxx_battery_i2c_remove(struct i2c_client *client) { struct bq27xxx_device_info *di = i2c_get_clientdata(client); - free_irq(client->irq, di); + if (client->irq) + free_irq(client->irq, di); + bq27xxx_battery_teardown(di); mutex_lock(&battery_mutex); diff --git a/drivers/regulator/pwm-regulator.c b/drivers/regulator/pwm-regulator.c index 0a9d61a91..1b06aaaaf 100644 --- a/drivers/regulator/pwm-regulator.c +++ b/drivers/regulator/pwm-regulator.c @@ -158,6 +158,9 @@ static int pwm_regulator_get_voltage(struct regulator_dev *rdev) pwm_get_state(drvdata->pwm, &pstate); voltage = pwm_get_relative_duty_cycle(&pstate, duty_unit); + if (voltage < min(max_uV_duty, min_uV_duty) || + voltage > max(max_uV_duty, min_uV_duty)) + return -ENOTRECOVERABLE; /* * The dutycycle for min_uV might be greater than the one for max_uV. diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c index 8dee16aca..fe2bea240 100644 --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -305,9 +305,10 @@ static void qeth_l3_clear_ip_htable(struct qeth_card *card, int recover) if (!recover) { hash_del(&addr->hnode); kfree(addr); - continue; + } else { + /* prepare for recovery */ + addr->disp_flag = QETH_DISP_ADDR_ADD; } - addr->disp_flag = QETH_DISP_ADDR_ADD; } mutex_unlock(&card->ip_lock); @@ -335,11 +336,13 @@ static void qeth_l3_recover_ip(struct qeth_card *card) } else rc = qeth_l3_register_addr_entry(card, addr); - if (!rc) { + if (!rc || rc == -EADDRINUSE || rc == -ENETDOWN) { + /* keep it in the records */ addr->disp_flag = QETH_DISP_ADDR_DO_NOTHING; if (addr->ref_counter < 1) qeth_l3_delete_ip(card, addr); } else { + /* bad address */ hash_del(&addr->hnode); kfree(addr); } diff --git a/drivers/scsi/Kconfig b/drivers/scsi/Kconfig index 51bbc858a..cab6e67ea 100644 --- a/drivers/scsi/Kconfig +++ b/drivers/scsi/Kconfig @@ -1286,7 +1286,7 @@ source "drivers/scsi/arm/Kconfig" config JAZZ_ESP bool "MIPS JAZZ FAS216 SCSI support" - depends on MACH_JAZZ && SCSI + depends on MACH_JAZZ && SCSI=y select SCSI_SPI_ATTRS help This is the driver for the onboard SCSI host adapter of MIPS Magnum diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index fa99d34dd..11c119368 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -1942,7 +1942,7 @@ lpfc_bg_setup_bpl_prot(struct lpfc_hba *phba, struct scsi_cmnd *sc, * * Returns the number of SGEs added to the SGL. **/ -static int +static uint32_t lpfc_bg_setup_sgl(struct lpfc_hba *phba, struct scsi_cmnd *sc, struct sli4_sge *sgl, int datasegcnt, struct lpfc_io_buf *lpfc_cmd) @@ -1950,8 +1950,8 @@ lpfc_bg_setup_sgl(struct lpfc_hba *phba, struct scsi_cmnd *sc, struct scatterlist *sgde = NULL; /* s/g data entry */ struct sli4_sge_diseed *diseed = NULL; dma_addr_t physaddr; - int i = 0, num_sge = 0, status; - uint32_t reftag; + int i = 0, status; + uint32_t reftag, num_sge = 0; uint8_t txop, rxop; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS uint32_t rc; @@ -2122,7 +2122,7 @@ lpfc_bg_setup_sgl(struct lpfc_hba *phba, struct scsi_cmnd *sc, * * Returns the number of SGEs added to the SGL. **/ -static int +static uint32_t lpfc_bg_setup_sgl_prot(struct lpfc_hba *phba, struct scsi_cmnd *sc, struct sli4_sge *sgl, int datacnt, int protcnt, struct lpfc_io_buf *lpfc_cmd) @@ -2146,8 +2146,8 @@ lpfc_bg_setup_sgl_prot(struct lpfc_hba *phba, struct scsi_cmnd *sc, uint32_t rc; #endif uint32_t checking = 1; - uint32_t dma_offset = 0; - int num_sge = 0, j = 2; + uint32_t dma_offset = 0, num_sge = 0; + int j = 2; struct sli4_hybrid_sgl *sgl_xtra = NULL; sgpe = scsi_prot_sglist(sc); diff --git a/drivers/soc/renesas/r8a77980-sysc.c b/drivers/soc/renesas/r8a77980-sysc.c index a8dbe55e8..3d1ea2456 100644 --- a/drivers/soc/renesas/r8a77980-sysc.c +++ b/drivers/soc/renesas/r8a77980-sysc.c @@ -25,7 +25,8 @@ static const struct rcar_sysc_area r8a77980_areas[] __initconst = { PD_CPU_NOCR }, { "ca53-cpu3", 0x200, 3, R8A77980_PD_CA53_CPU3, R8A77980_PD_CA53_SCU, PD_CPU_NOCR }, - { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON }, + { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON, + PD_CPU_NOCR }, { "a3ir", 0x180, 0, R8A77980_PD_A3IR, R8A77980_PD_ALWAYS_ON }, { "a2ir0", 0x400, 0, R8A77980_PD_A2IR0, R8A77980_PD_A3IR }, { "a2ir1", 0x400, 1, R8A77980_PD_A2IR1, R8A77980_PD_A3IR }, diff --git a/drivers/spi/spi-mt7621.c b/drivers/spi/spi-mt7621.c index b4b9b7309..351b0ef52 100644 --- a/drivers/spi/spi-mt7621.c +++ b/drivers/spi/spi-mt7621.c @@ -340,11 +340,9 @@ static int mt7621_spi_probe(struct platform_device *pdev) return PTR_ERR(base); clk = devm_clk_get(&pdev->dev, NULL); - if (IS_ERR(clk)) { - dev_err(&pdev->dev, "unable to get SYS clock, err=%d\n", - status); - return PTR_ERR(clk); - } + if (IS_ERR(clk)) + return dev_err_probe(&pdev->dev, PTR_ERR(clk), + "unable to get SYS clock\n"); status = clk_prepare_enable(clk); if (status) diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c index 8ba134ccd..edddc66ad 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c @@ -151,7 +151,6 @@ int transport_lookup_tmr_lun(struct se_cmd *se_cmd, u64 unpacked_lun) struct se_session *se_sess = se_cmd->se_sess; struct se_node_acl *nacl = se_sess->se_node_acl; struct se_tmr_req *se_tmr = se_cmd->se_tmr_req; - unsigned long flags; rcu_read_lock(); deve = target_nacl_find_deve(nacl, unpacked_lun); @@ -182,10 +181,6 @@ int transport_lookup_tmr_lun(struct se_cmd *se_cmd, u64 unpacked_lun) se_cmd->se_dev = rcu_dereference_raw(se_lun->lun_se_dev); se_tmr->tmr_dev = rcu_dereference_raw(se_lun->lun_se_dev); - spin_lock_irqsave(&se_tmr->tmr_dev->se_tmr_lock, flags); - list_add_tail(&se_tmr->tmr_list, &se_tmr->tmr_dev->dev_tmr_list); - spin_unlock_irqrestore(&se_tmr->tmr_dev->se_tmr_lock, flags); - return 0; } EXPORT_SYMBOL(transport_lookup_tmr_lun); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c index f52fe4000..82d9e2659 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -3392,6 +3392,10 @@ int transport_generic_handle_tmr( unsigned long flags; bool aborted = false; + spin_lock_irqsave(&cmd->se_dev->se_tmr_lock, flags); + list_add_tail(&cmd->se_tmr_req->tmr_list, &cmd->se_dev->dev_tmr_list); + spin_unlock_irqrestore(&cmd->se_dev->se_tmr_lock, flags); + spin_lock_irqsave(&cmd->t_state_lock, flags); if (cmd->transport_state & CMD_T_ABORTED) { aborted = true; diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index bdf3932ee..d533eb09d 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -247,14 +247,14 @@ hv_uio_probe(struct hv_device *dev, return -ENOTSUPP; } - pdata = kzalloc(sizeof(*pdata), GFP_KERNEL); + pdata = devm_kzalloc(&dev->device, sizeof(*pdata), GFP_KERNEL); if (!pdata) return -ENOMEM; ret = vmbus_alloc_ring(channel, HV_RING_SIZE * PAGE_SIZE, HV_RING_SIZE * PAGE_SIZE); if (ret) - goto fail; + return ret; set_channel_read_mode(channel, HV_CALL_ISR); @@ -291,7 +291,7 @@ hv_uio_probe(struct hv_device *dev, pdata->recv_buf = vzalloc(RECV_BUFFER_SIZE); if (pdata->recv_buf == NULL) { ret = -ENOMEM; - goto fail_close; + goto fail_free_ring; } ret = vmbus_establish_gpadl(channel, pdata->recv_buf, @@ -351,8 +351,8 @@ hv_uio_probe(struct hv_device *dev, fail_close: hv_uio_cleanup(dev, pdata); -fail: - kfree(pdata); +fail_free_ring: + vmbus_free_ring(dev->channel); return ret; } @@ -367,10 +367,8 @@ hv_uio_remove(struct hv_device *dev) uio_unregister_device(&pdata->info); hv_uio_cleanup(dev, pdata); - hv_set_drvdata(dev, NULL); vmbus_free_ring(dev->channel); - kfree(pdata); return 0; } diff --git a/drivers/usb/cdns3/gadget.c b/drivers/usb/cdns3/gadget.c index d111cf81c..61283e7e6 100644 --- a/drivers/usb/cdns3/gadget.c +++ b/drivers/usb/cdns3/gadget.c @@ -661,7 +661,11 @@ void cdns3_gadget_giveback(struct cdns3_endpoint *priv_ep, return; } - if (request->complete) { + /* + * zlp request is appended by driver, needn't call usb_gadget_giveback_request() to notify + * gadget composite driver. + */ + if (request->complete && request->buf != priv_dev->zlp_buf) { spin_unlock(&priv_dev->lock); usb_gadget_giveback_request(&priv_ep->endpoint, request); @@ -1951,11 +1955,11 @@ static int cdns3_gadget_ep_disable(struct usb_ep *ep) while (!list_empty(&priv_ep->wa2_descmiss_req_list)) { priv_req = cdns3_next_priv_request(&priv_ep->wa2_descmiss_req_list); + list_del_init(&priv_req->list); kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); - list_del_init(&priv_req->list); --priv_ep->wa2_counter; } diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index 7fa0d1ed6..1d7f81db4 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -295,8 +295,10 @@ static void usb_port_shutdown(struct device *dev) { struct usb_port *port_dev = to_usb_port(dev); - if (port_dev->child) + if (port_dev->child) { usb_disable_usb2_hardware_lpm(port_dev->child); + usb_unlocked_disable_lpm(port_dev->child); + } } static const struct dev_pm_ops usb_port_pm_ops = { diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index 2ef2464a5..b8597d4a4 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -1349,7 +1349,15 @@ static int ncm_unwrap_ntb(struct gether *port, "Parsed NTB with %d frames\n", dgram_counter); to_process -= block_len; - if (to_process != 0) { + + /* + * Windows NCM driver avoids USB ZLPs by adding a 1-byte + * zero pad as needed. + */ + if (to_process == 1 && + (*(unsigned char *)(ntb_ptr + block_len) == 0x00)) { + to_process--; + } else if (to_process > 0) { ntb_ptr = (unsigned char *)(ntb_ptr + block_len); goto parse_ntb; } diff --git a/drivers/usb/roles/class.c b/drivers/usb/roles/class.c index 873d89823..aa4fb7a66 100644 --- a/drivers/usb/roles/class.c +++ b/drivers/usb/roles/class.c @@ -20,6 +20,7 @@ struct usb_role_switch { struct device dev; struct mutex lock; /* device lock*/ enum usb_role role; + bool registered; /* From descriptor */ struct device *usb2_port; @@ -46,6 +47,9 @@ int usb_role_switch_set_role(struct usb_role_switch *sw, enum usb_role role) if (IS_ERR_OR_NULL(sw)) return 0; + if (!sw->registered) + return -EOPNOTSUPP; + mutex_lock(&sw->lock); ret = sw->set(sw->dev.parent, role); @@ -69,7 +73,7 @@ enum usb_role usb_role_switch_get_role(struct usb_role_switch *sw) { enum usb_role role; - if (IS_ERR_OR_NULL(sw)) + if (IS_ERR_OR_NULL(sw) || !sw->registered) return USB_ROLE_NONE; mutex_lock(&sw->lock); @@ -319,6 +323,8 @@ usb_role_switch_register(struct device *parent, return ERR_PTR(ret); } + sw->registered = true; + /* TODO: Symlinks for the host port and the device controller. */ return sw; @@ -333,8 +339,10 @@ EXPORT_SYMBOL_GPL(usb_role_switch_register); */ void usb_role_switch_unregister(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + sw->registered = false; device_unregister(&sw->dev); + } } EXPORT_SYMBOL_GPL(usb_role_switch_unregister); diff --git a/drivers/video/fbdev/savage/savagefb_driver.c b/drivers/video/fbdev/savage/savagefb_driver.c index d5d22d9c0..368500c40 100644 --- a/drivers/video/fbdev/savage/savagefb_driver.c +++ b/drivers/video/fbdev/savage/savagefb_driver.c @@ -869,6 +869,9 @@ static int savagefb_check_var(struct fb_var_screeninfo *var, DBG("savagefb_check_var"); + if (!var->pixclock) + return -EINVAL; + var->transp.offset = 0; var->transp.length = 0; switch (var->bits_per_pixel) { diff --git a/drivers/video/fbdev/sis/sis_main.c b/drivers/video/fbdev/sis/sis_main.c index b443a8ed4..2fdd02e51 100644 --- a/drivers/video/fbdev/sis/sis_main.c +++ b/drivers/video/fbdev/sis/sis_main.c @@ -1474,6 +1474,8 @@ sisfb_check_var(struct fb_var_screeninfo *var, struct fb_info *info) vtotal = var->upper_margin + var->lower_margin + var->vsync_len; + if (!var->pixclock) + return -EINVAL; pixclock = var->pixclock; if((var->vmode & FB_VMODE_MASK) == FB_VMODE_NONINTERLACED) { diff --git a/fs/afs/dir.c b/fs/afs/dir.c index 8bed9df09..1ada9b9cb 100644 --- a/fs/afs/dir.c +++ b/fs/afs/dir.c @@ -426,8 +426,10 @@ static int afs_dir_iterate_block(struct afs_vnode *dvnode, dire->u.name[0] == '.' && ctx->actor != afs_lookup_filldir && ctx->actor != afs_lookup_one_filldir && - memcmp(dire->u.name, ".__afs", 6) == 0) + memcmp(dire->u.name, ".__afs", 6) == 0) { + ctx->pos = blkoff + next * sizeof(union afs_xdr_dirent); continue; + } /* found the next entry */ if (!dir_emit(ctx, dire->u.name, nlen, diff --git a/fs/afs/volume.c b/fs/afs/volume.c index 4310336b9..4225bc766 100644 --- a/fs/afs/volume.c +++ b/fs/afs/volume.c @@ -221,7 +221,7 @@ static int afs_update_volume_status(struct afs_volume *volume, struct key *key) { struct afs_server_list *new, *old, *discard; struct afs_vldb_entry *vldb; - char idbuf[16]; + char idbuf[24]; int ret, idsz; _enter(""); @@ -229,7 +229,7 @@ static int afs_update_volume_status(struct afs_volume *volume, struct key *key) /* We look up an ID by passing it as a decimal string in the * operation's name parameter. */ - idsz = sprintf(idbuf, "%llu", volume->vid); + idsz = snprintf(idbuf, sizeof(idbuf), "%llu", volume->vid); vldb = afs_vl_lookup_vldb(volume->cell, key, idbuf, idsz); if (IS_ERR(vldb)) { diff --git a/fs/aio.c b/fs/aio.c index 1ec5a773d..7a50c97cf 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -570,6 +570,13 @@ void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) struct kioctx *ctx = req->ki_ctx; unsigned long flags; + /* + * kiocb didn't come from aio or is neither a read nor a write, hence + * ignore it. + */ + if (!(iocb->ki_flags & IOCB_AIO_RW)) + return; + if (WARN_ON_ONCE(!list_empty(&req->ki_list))) return; @@ -1455,7 +1462,7 @@ static int aio_prep_rw(struct kiocb *req, const struct iocb *iocb) req->ki_complete = aio_complete_rw; req->private = NULL; req->ki_pos = iocb->aio_offset; - req->ki_flags = iocb_flags(req->ki_filp); + req->ki_flags = iocb_flags(req->ki_filp) | IOCB_AIO_RW; if (iocb->aio_flags & IOCB_FLAG_RESFD) req->ki_flags |= IOCB_EVENTFD; req->ki_hint = ki_hint_validate(file_write_hint(req->ki_filp)); diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c index 444e1e5d0..4abc0db65 100644 --- a/fs/btrfs/dev-replace.c +++ b/fs/btrfs/dev-replace.c @@ -535,6 +535,23 @@ static int btrfs_dev_replace_start(struct btrfs_fs_info *fs_info, return ret; } +static int btrfs_check_replace_dev_names(struct btrfs_ioctl_dev_replace_args *args) +{ + if (args->start.srcdevid == 0) { + if (memchr(args->start.srcdev_name, 0, + sizeof(args->start.srcdev_name)) == NULL) + return -ENAMETOOLONG; + } else { + args->start.srcdev_name[0] = 0; + } + + if (memchr(args->start.tgtdev_name, 0, + sizeof(args->start.tgtdev_name)) == NULL) + return -ENAMETOOLONG; + + return 0; +} + int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info, struct btrfs_ioctl_dev_replace_args *args) { @@ -547,10 +564,9 @@ int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info, default: return -EINVAL; } - - if ((args->start.srcdevid == 0 && args->start.srcdev_name[0] == '\0') || - args->start.tgtdev_name[0] == '\0') - return -EINVAL; + ret = btrfs_check_replace_dev_names(args); + if (ret < 0) + return ret; ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name, args->start.srcdevid, diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index dfb14dbdd..3b39552c2 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -245,6 +245,8 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) kmem_cache_free(cachefiles_object_jar, fsdef); error_root_object: cachefiles_end_secure(cache, saved_cred); + put_cred(cache->cache_cred); + cache->cache_cred = NULL; pr_err("Failed to register: %d\n", ret); return ret; } @@ -265,6 +267,7 @@ void cachefiles_daemon_unbind(struct cachefiles_cache *cache) dput(cache->graveyard); mntput(cache->mnt); + put_cred(cache->cache_cred); kfree(cache->rootdirname); kfree(cache->secctx); diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 30f841a88..704f2b1e0 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -290,8 +290,8 @@ int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, { unsigned int tioffset; /* challenge message target info area */ unsigned int tilen; /* challenge message target info area length */ - CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr; + __u32 server_flags; if (blob_len < sizeof(CHALLENGE_MESSAGE)) { cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len); @@ -309,12 +309,37 @@ int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, return -EINVAL; } + server_flags = le32_to_cpu(pblob->NegotiateFlags); + cifs_dbg(FYI, "%s: negotiate=0x%08x challenge=0x%08x\n", __func__, + ses->ntlmssp->client_flags, server_flags); + + if ((ses->ntlmssp->client_flags & (NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN)) && + (!(server_flags & NTLMSSP_NEGOTIATE_56) && !(server_flags & NTLMSSP_NEGOTIATE_128))) { + cifs_dbg(VFS, "%s: requested signing/encryption but server did not return either 56-bit or 128-bit session key size\n", + __func__); + return -EINVAL; + } + if (!(server_flags & NTLMSSP_NEGOTIATE_NTLM) && !(server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) { + cifs_dbg(VFS, "%s: server does not seem to support either NTLMv1 or NTLMv2\n", __func__); + return -EINVAL; + } + if (ses->server->sign && !(server_flags & NTLMSSP_NEGOTIATE_SIGN)) { + cifs_dbg(VFS, "%s: forced packet signing but server does not seem to support it\n", + __func__); + return -EOPNOTSUPP; + } + if ((ses->ntlmssp->client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && + !(server_flags & NTLMSSP_NEGOTIATE_KEY_XCH)) + pr_warn_once("%s: authentication has been weakened as server does not support key exchange\n", + __func__); + + ses->ntlmssp->server_flags = server_flags; + memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); - /* BB we could decode pblob->NegotiateFlags; some may be useful */ /* In particular we can examine sign flags */ /* BB spec says that if AvId field of MsvAvTimestamp is populated then we must set the MIC field of the AUTHENTICATE_MESSAGE */ - ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); + tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); tilen = le16_to_cpu(pblob->TargetInfoArray.Length); if (tioffset > blob_len || tioffset + tilen > blob_len) { @@ -353,12 +378,12 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | - NTLMSSP_NEGOTIATE_SEAL; - if (ses->server->sign) - flags |= NTLMSSP_NEGOTIATE_SIGN; + NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_SIGN; if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) flags |= NTLMSSP_NEGOTIATE_KEY_XCH; + ses->ntlmssp->client_flags = flags; sec_blob->NegotiateFlags = cpu_to_le32(flags); sec_blob->WorkstationName.BufferOffset = 0; @@ -417,15 +442,8 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer, memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); sec_blob->MessageType = NtLmAuthenticate; - flags = NTLMSSP_NEGOTIATE_56 | - NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | - NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | - NTLMSSP_NEGOTIATE_SEAL; - if (ses->server->sign) - flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; + flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET | + NTLMSSP_NEGOTIATE_TARGET_INFO; tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags); @@ -491,9 +509,9 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer, sec_blob->WorkstationName.MaximumLength = 0; tmp += 2; - if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) || - (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) - && !calc_seckey(ses)) { + if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && + (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) && + !calc_seckey(ses)) { memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 52ca50256..e118b78d2 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1802,6 +1802,9 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, return err; ext4_lock_group(ac->ac_sb, group); + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) + goto out; + max = mb_find_extent(e4b, ex.fe_start, ex.fe_len, &ex); if (max > 0) { @@ -1809,6 +1812,7 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, ext4_mb_use_best_found(ac, e4b); } +out: ext4_unlock_group(ac->ac_sb, group); ext4_mb_unload_buddy(e4b); @@ -1835,12 +1839,10 @@ int ext4_mb_find_by_goal(struct ext4_allocation_context *ac, if (err) return err; - if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) { - ext4_mb_unload_buddy(e4b); - return 0; - } - ext4_lock_group(ac->ac_sb, group); + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) + goto out; + max = mb_find_extent(e4b, ac->ac_g_ex.fe_start, ac->ac_g_ex.fe_len, &ex); ex.fe_logical = 0xDEADFA11; /* debug value */ @@ -1873,6 +1875,7 @@ int ext4_mb_find_by_goal(struct ext4_allocation_context *ac, ac->ac_b_ex = ex; ext4_mb_use_best_found(ac, e4b); } +out: ext4_unlock_group(ac->ac_sb, group); ext4_mb_unload_buddy(e4b); diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index b1d31c78f..47b292f9b 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -1205,6 +1205,7 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1249,11 +1250,12 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps >> 20); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size: diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index 53cd7b2bb..c28ba474a 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -23,6 +23,7 @@ static struct iomap_page * iomap_page_create(struct inode *inode, struct page *page) { struct iomap_page *iop = to_iomap_page(page); + unsigned int nr_blocks = PAGE_SIZE / i_blocksize(inode); if (iop || i_blocksize(inode) == PAGE_SIZE) return iop; @@ -32,6 +33,8 @@ iomap_page_create(struct inode *inode, struct page *page) atomic_set(&iop->write_count, 0); spin_lock_init(&iop->uptodate_lock); bitmap_zero(iop->uptodate, PAGE_SIZE / SECTOR_SIZE); + if (PageUptodate(page)) + bitmap_fill(iop->uptodate, nr_blocks); /* * migrate_page_move_mapping() assumes that pages with private data have diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index e2a5320f2..b9c759add 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -40,8 +40,21 @@ static inline struct nilfs_dat_info *NILFS_DAT_I(struct inode *dat) static int nilfs_dat_prepare_entry(struct inode *dat, struct nilfs_palloc_req *req, int create) { - return nilfs_palloc_get_entry_block(dat, req->pr_entry_nr, - create, &req->pr_entry_bh); + int ret; + + ret = nilfs_palloc_get_entry_block(dat, req->pr_entry_nr, + create, &req->pr_entry_bh); + if (unlikely(ret == -ENOENT)) { + nilfs_msg(dat->i_sb, KERN_ERR, + "DAT doesn't have a block to manage vblocknr = %llu", + (unsigned long long)req->pr_entry_nr); + /* + * Return internal code -EINVAL to notify bmap layer of + * metadata corruption. + */ + ret = -EINVAL; + } + return ret; } static void nilfs_dat_commit_entry(struct inode *dat, @@ -123,11 +136,7 @@ static void nilfs_dat_commit_free(struct inode *dat, int nilfs_dat_prepare_start(struct inode *dat, struct nilfs_palloc_req *req) { - int ret; - - ret = nilfs_dat_prepare_entry(dat, req, 0); - WARN_ON(ret == -ENOENT); - return ret; + return nilfs_dat_prepare_entry(dat, req, 0); } void nilfs_dat_commit_start(struct inode *dat, struct nilfs_palloc_req *req, @@ -154,10 +163,8 @@ int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req) int ret; ret = nilfs_dat_prepare_entry(dat, req, 0); - if (ret < 0) { - WARN_ON(ret == -ENOENT); + if (ret < 0) return ret; - } kaddr = kmap_atomic(req->pr_entry_bh->b_page); entry = nilfs_palloc_block_get_entry(dat, req->pr_entry_nr, diff --git a/include/linux/fs.h b/include/linux/fs.h index d172706c8..8ac671ec9 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -314,6 +314,8 @@ enum rw_hint { #define IOCB_SYNC (1 << 5) #define IOCB_WRITE (1 << 6) #define IOCB_NOWAIT (1 << 7) +/* kiocb is a read or write operation submitted by fs/aio.c. */ +#define IOCB_AIO_RW (1 << 23) struct kiocb { struct file *ki_filp; diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 67d9b5a37..2d51a702e 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -288,7 +288,7 @@ struct vmtransfer_page_packet_header { u8 sender_owns_set; u8 reserved; u32 range_cnt; - struct vmtransfer_page_range ranges[1]; + struct vmtransfer_page_range ranges[]; } __packed; struct vmgpadl_packet_header { diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index f452521f2..410243038 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -405,6 +405,10 @@ extern void lock_unpin_lock(struct lockdep_map *lock, struct pin_cookie); WARN_ON_ONCE(debug_locks && !lockdep_is_held(l)); \ } while (0) +#define lockdep_assert_none_held_once() do { \ + WARN_ON_ONCE(debug_locks && current->lockdep_depth); \ + } while (0) + #define lockdep_recursing(tsk) ((tsk)->lockdep_recursion) #define lockdep_pin_lock(l) lock_pin_lock(&(l)->dep_map) @@ -482,6 +486,7 @@ struct lockdep_map { }; #define lockdep_assert_held_write(l) do { (void)(l); } while (0) #define lockdep_assert_held_read(l) do { (void)(l); } while (0) #define lockdep_assert_held_once(l) do { (void)(l); } while (0) +#define lockdep_assert_none_held_once() do { } while (0) #define lockdep_recursing(tsk) (0) diff --git a/include/linux/socket.h b/include/linux/socket.h index a465c6a45..cb3fd17fa 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h @@ -30,7 +30,10 @@ typedef __kernel_sa_family_t sa_family_t; struct sockaddr { sa_family_t sa_family; /* address family, AF_xxx */ - char sa_data[14]; /* 14 bytes of protocol address */ + union { + char sa_data_min[14]; /* Minimum 14 bytes of protocol address */ + DECLARE_FLEX_ARRAY(char, sa_data); + }; }; struct linger { diff --git a/include/linux/stddef.h b/include/linux/stddef.h index 998a4ba28..6a46c4c1c 100644 --- a/include/linux/stddef.h +++ b/include/linux/stddef.h @@ -36,4 +36,17 @@ enum { #define offsetofend(TYPE, MEMBER) \ (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER)) +/** + * DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union + * + * @TYPE: The type of each flexible array element + * @NAME: The name of the flexible array member + * + * In order to have a flexible array member in a union or alone in a + * struct, it needs to be wrapped in an anonymous struct with at least 1 + * named member, but that member can be empty. + */ +#define DECLARE_FLEX_ARRAY(TYPE, NAME) \ + __DECLARE_FLEX_ARRAY(TYPE, NAME) + #endif diff --git a/include/net/tcp.h b/include/net/tcp.h index af67e19eb..164ba7b77 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -391,6 +391,7 @@ void tcp_update_metrics(struct sock *sk); void tcp_init_metrics(struct sock *sk); void tcp_metrics_init(void); bool tcp_peer_is_proven(struct request_sock *req, struct dst_entry *dst); +void __tcp_close(struct sock *sk, long timeout); void tcp_close(struct sock *sk, long timeout); void tcp_init_sock(struct sock *sk); void tcp_init_transfer(struct sock *sk, int bpf_op); diff --git a/include/uapi/linux/stddef.h b/include/uapi/linux/stddef.h index ee8220f8d..30bed3db1 100644 --- a/include/uapi/linux/stddef.h +++ b/include/uapi/linux/stddef.h @@ -4,3 +4,19 @@ #ifndef __always_inline #define __always_inline inline #endif + +/** + * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union + * + * @TYPE: The type of each flexible array element + * @NAME: The name of the flexible array member + * + * In order to have a flexible array member in a union or alone in a + * struct, it needs to be wrapped in an anonymous struct with at least 1 + * named member, but that member can be empty. + */ +#define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ + struct { \ + struct { } __empty_ ## NAME; \ + TYPE NAME[]; \ + } diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 186e7d78d..873f364cb 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -8,7 +8,7 @@ #include "pelt.h" int sched_rr_timeslice = RR_TIMESLICE; -int sysctl_sched_rr_timeslice = (MSEC_PER_SEC / HZ) * RR_TIMESLICE; +int sysctl_sched_rr_timeslice = (MSEC_PER_SEC * RR_TIMESLICE) / HZ; /* More than 4 hours if BW_SHIFT equals 20. */ static const u64 max_rt_runtime = MAX_BW; @@ -2659,9 +2659,6 @@ static int sched_rt_global_constraints(void) static int sched_rt_global_validate(void) { - if (sysctl_sched_rt_period <= 0) - return -EINVAL; - if ((sysctl_sched_rt_runtime != RUNTIME_INF) && ((sysctl_sched_rt_runtime > sysctl_sched_rt_period) || ((u64)sysctl_sched_rt_runtime * @@ -2693,7 +2690,7 @@ int sched_rt_handler(struct ctl_table *table, int write, old_period = sysctl_sched_rt_period; old_runtime = sysctl_sched_rt_runtime; - ret = proc_dointvec(table, write, buffer, lenp, ppos); + ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (!ret && write) { ret = sched_rt_global_validate(); @@ -2738,6 +2735,9 @@ int sched_rr_handler(struct ctl_table *table, int write, sched_rr_timeslice = sysctl_sched_rr_timeslice <= 0 ? RR_TIMESLICE : msecs_to_jiffies(sysctl_sched_rr_timeslice); + + if (sysctl_sched_rr_timeslice <= 0) + sysctl_sched_rr_timeslice = jiffies_to_msecs(RR_TIMESLICE); } mutex_unlock(&mutex); diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 959da8b2b..68409b065 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -468,6 +468,8 @@ static struct ctl_table kern_table[] = { .maxlen = sizeof(unsigned int), .mode = 0644, .proc_handler = sched_rt_handler, + .extra1 = SYSCTL_ONE, + .extra2 = SYSCTL_INT_MAX, }, { .procname = "sched_rt_runtime_us", @@ -475,6 +477,8 @@ static struct ctl_table kern_table[] = { .maxlen = sizeof(int), .mode = 0644, .proc_handler = sched_rt_handler, + .extra1 = &neg_one, + .extra2 = SYSCTL_INT_MAX, }, { .procname = "sched_rr_timeslice_ms", diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 0140629b7..0cc7ee52d 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -2214,6 +2214,9 @@ static void drain_stock(struct memcg_stock_pcp *stock) { struct mem_cgroup *old = stock->cached; + if (!old) + return; + if (stock->nr_pages) { page_counter_uncharge(&old->memory, stock->nr_pages); if (do_memsw_account()) @@ -2221,6 +2224,8 @@ static void drain_stock(struct memcg_stock_pcp *stock) css_put_many(&old->css, stock->nr_pages); stock->nr_pages = 0; } + + css_put(&old->css); stock->cached = NULL; } @@ -2256,6 +2261,7 @@ static void refill_stock(struct mem_cgroup *memcg, unsigned int nr_pages) stock = this_cpu_ptr(&memcg_stock); if (stock->cached != memcg) { /* reset if necessary */ drain_stock(stock); + css_get(&memcg->css); stock->cached = memcg; } stock->nr_pages += nr_pages; diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 6fa66e211..e8758304a 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -177,6 +177,7 @@ static __always_inline ssize_t __mcopy_atomic_hugetlb(struct mm_struct *dst_mm, unsigned long dst_start, unsigned long src_start, unsigned long len, + bool *mmap_changing, bool zeropage) { int vm_alloc_shared = dst_vma->vm_flags & VM_SHARED; @@ -308,6 +309,15 @@ static __always_inline ssize_t __mcopy_atomic_hugetlb(struct mm_struct *dst_mm, goto out; } down_read(&dst_mm->mmap_sem); + /* + * If memory mappings are changing because of non-cooperative + * operation (e.g. mremap) running in parallel, bail out and + * request the user to retry later + */ + if (mmap_changing && READ_ONCE(*mmap_changing)) { + err = -EAGAIN; + break; + } dst_vma = NULL; goto retry; @@ -389,6 +399,7 @@ extern ssize_t __mcopy_atomic_hugetlb(struct mm_struct *dst_mm, unsigned long dst_start, unsigned long src_start, unsigned long len, + bool *mmap_changing, bool zeropage); #endif /* CONFIG_HUGETLB_PAGE */ @@ -506,7 +517,8 @@ static __always_inline ssize_t __mcopy_atomic(struct mm_struct *dst_mm, */ if (is_vm_hugetlb_page(dst_vma)) return __mcopy_atomic_hugetlb(dst_mm, dst_vma, dst_start, - src_start, len, zeropage); + src_start, len, mmap_changing, + zeropage); if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma)) goto out_unlock; diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 54c55c30d..289fb2852 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -2272,6 +2272,7 @@ static void hci_error_reset(struct work_struct *work) { struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset); + hci_dev_hold(hdev); BT_DBG("%s", hdev->name); if (hdev->hw_error) @@ -2279,10 +2280,10 @@ static void hci_error_reset(struct work_struct *work) else bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code); - if (hci_dev_do_close(hdev)) - return; + if (!hci_dev_do_close(hdev)) + hci_dev_do_open(hdev); - hci_dev_do_open(hdev); + hci_dev_put(hdev); } void hci_uuids_clear(struct hci_dev *hdev) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 4ed4b83c5..2167e4b77 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4486,9 +4486,12 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) hci_dev_lock(hdev); conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); - if (!conn || !hci_conn_ssp_enabled(conn)) + if (!conn || !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) goto unlock; + /* Assume remote supports SSP since it has triggered this event */ + set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); + hci_conn_hold(conn); if (!hci_dev_test_flag(hdev, HCI_MGMT)) @@ -5783,6 +5786,10 @@ static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev, return send_conn_param_neg_reply(hdev, handle, HCI_ERROR_UNKNOWN_CONN_ID); + if (max > hcon->le_conn_max_interval) + return send_conn_param_neg_reply(hdev, handle, + HCI_ERROR_INVALID_LL_PARAMS); + if (hci_check_conn_params(min, max, latency, timeout)) return send_conn_param_neg_reply(hdev, handle, HCI_ERROR_INVALID_LL_PARAMS); diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 61bf48926..9c06f5ffd 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -5331,7 +5331,13 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, memset(&rsp, 0, sizeof(rsp)); - err = hci_check_conn_params(min, max, latency, to_multiplier); + if (max > hcon->le_conn_max_interval) { + BT_DBG("requested connection interval exceeds current bounds."); + err = -EINVAL; + } else { + err = hci_check_conn_params(min, max, latency, to_multiplier); + } + if (err) rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED); else diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index f085b1648..501f77f0f 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -35,6 +35,8 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) const unsigned char *dest; u16 vid = 0; + memset(skb->cb, 0, sizeof(struct br_input_skb_cb)); + rcu_read_lock(); nf_ops = rcu_dereference(nf_br_ops); if (nf_ops && nf_ops->br_dev_xmit_hook(skb)) { diff --git a/net/core/dev.c b/net/core/dev.c index c6dbe4533..601518275 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -8220,7 +8220,7 @@ EXPORT_SYMBOL(dev_set_mac_address_user); int dev_get_mac_address(struct sockaddr *sa, struct net *net, char *dev_name) { - size_t size = sizeof(sa->sa_data); + size_t size = sizeof(sa->sa_data_min); struct net_device *dev; int ret = 0; diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c index 69fb9219d..e3fa740b4 100644 --- a/net/core/dev_ioctl.c +++ b/net/core/dev_ioctl.c @@ -241,7 +241,7 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd) if (ifr->ifr_hwaddr.sa_family != dev->type) return -EINVAL; memcpy(dev->broadcast, ifr->ifr_hwaddr.sa_data, - min(sizeof(ifr->ifr_hwaddr.sa_data), + min(sizeof(ifr->ifr_hwaddr.sa_data_min), (size_t)dev->addr_len)); call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); return 0; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index bb1a27384..ee599636f 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -4586,10 +4586,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, struct net *net = sock_net(skb->sk); struct ifinfomsg *ifm; struct net_device *dev; - struct nlattr *br_spec, *attr = NULL; + struct nlattr *br_spec, *attr, *br_flags_attr = NULL; int rem, err = -EOPNOTSUPP; u16 flags = 0; - bool have_flags = false; if (nlmsg_len(nlh) < sizeof(*ifm)) return -EINVAL; @@ -4607,11 +4606,11 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { - if (nla_type(attr) == IFLA_BRIDGE_FLAGS && !have_flags) { + if (nla_type(attr) == IFLA_BRIDGE_FLAGS && !br_flags_attr) { if (nla_len(attr) < sizeof(flags)) return -EINVAL; - have_flags = true; + br_flags_attr = attr; flags = nla_get_u16(attr); } @@ -4655,8 +4654,8 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, } } - if (have_flags) - memcpy(nla_data(attr), &flags, sizeof(flags)); + if (br_flags_attr) + memcpy(nla_data(br_flags_attr), &flags, sizeof(flags)); out: return err; } diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index c089f8f88..60f246d76 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -888,7 +888,7 @@ int inet_shutdown(struct socket *sock, int how) EPOLLHUP, even on eg. unconnected UDP sockets -- RR */ /* fall through */ default: - sk->sk_shutdown |= how; + WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | how); if (sk->sk_prot->shutdown) sk->sk_prot->shutdown(sk, how); break; diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index b8fe943ae..17d8736b7 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -1104,7 +1104,8 @@ static int arp_req_get(struct arpreq *r, struct net_device *dev) if (neigh) { if (!(neigh->nud_state & NUD_NOARP)) { read_lock_bh(&neigh->lock); - memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len); + memcpy(r->arp_ha.sa_data, neigh->ha, + min(dev->addr_len, sizeof(r->arp_ha.sa_data_min))); r->arp_flags = arp_state_to_flags(neigh); read_unlock_bh(&neigh->lock); r->arp_ha.sa_family = dev->type; diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 4c013f880..ed00b233c 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -1798,6 +1798,21 @@ static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb, return err; } +/* Combine dev_addr_genid and dev_base_seq to detect changes. + */ +static u32 inet_base_seq(const struct net *net) +{ + u32 res = atomic_read(&net->ipv4.dev_addr_genid) + + net->dev_base_seq; + + /* Must not return 0 (see nl_dump_check_consistent()). + * Chose a value far away from 0. + */ + if (!res) + res = 0x80000000; + return res; +} + static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) { const struct nlmsghdr *nlh = cb->nlh; @@ -1849,8 +1864,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) idx = 0; head = &tgt_net->dev_index_head[h]; rcu_read_lock(); - cb->seq = atomic_read(&tgt_net->ipv4.dev_addr_genid) ^ - tgt_net->dev_base_seq; + cb->seq = inet_base_seq(tgt_net); hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) goto cont; @@ -2249,8 +2263,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); - cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^ - net->dev_base_seq; + cb->seq = inet_base_seq(net); hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) goto cont; diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index 12b990190..b7a7e21b2 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -547,6 +547,20 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb, return 0; } +static void ip_tunnel_adj_headroom(struct net_device *dev, unsigned int headroom) +{ + /* we must cap headroom to some upperlimit, else pskb_expand_head + * will overflow header offsets in skb_headers_offset_update(). + */ + static const unsigned int max_allowed = 512; + + if (headroom > max_allowed) + headroom = max_allowed; + + if (headroom > READ_ONCE(dev->needed_headroom)) + WRITE_ONCE(dev->needed_headroom, headroom); +} + void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, u8 proto, int tunnel_hlen) { @@ -620,13 +634,13 @@ void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, } headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len; - if (headroom > READ_ONCE(dev->needed_headroom)) - WRITE_ONCE(dev->needed_headroom, headroom); - - if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom))) { + if (skb_cow_head(skb, headroom)) { ip_rt_put(rt); goto tx_dropped; } + + ip_tunnel_adj_headroom(dev, headroom); + iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl, df, !net_eq(tunnel->net, dev_net(dev))); return; @@ -804,16 +818,16 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr) + rt->dst.header_len + ip_encap_hlen(&tunnel->encap); - if (max_headroom > READ_ONCE(dev->needed_headroom)) - WRITE_ONCE(dev->needed_headroom, max_headroom); - if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom))) { + if (skb_cow_head(skb, max_headroom)) { ip_rt_put(rt); dev->stats.tx_dropped++; kfree_skb(skb); return; } + ip_tunnel_adj_headroom(dev, max_headroom); + iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl, df, !net_eq(tunnel->net, dev_net(dev))); return; diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 10ef04eaf..de9c7ead9 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -505,6 +505,7 @@ __poll_t tcp_poll(struct file *file, struct socket *sock, poll_table *wait) __poll_t mask; struct sock *sk = sock->sk; const struct tcp_sock *tp = tcp_sk(sk); + u8 shutdown; int state; sock_poll_wait(file, sock, wait); @@ -547,9 +548,10 @@ __poll_t tcp_poll(struct file *file, struct socket *sock, poll_table *wait) * NOTE. Check for TCP_CLOSE is added. The goal is to prevent * blocking on fresh not-connected or disconnected socket. --ANK */ - if (sk->sk_shutdown == SHUTDOWN_MASK || state == TCP_CLOSE) + shutdown = READ_ONCE(sk->sk_shutdown); + if (shutdown == SHUTDOWN_MASK || state == TCP_CLOSE) mask |= EPOLLHUP; - if (sk->sk_shutdown & RCV_SHUTDOWN) + if (shutdown & RCV_SHUTDOWN) mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; /* Connected or passive Fast Open socket? */ @@ -565,8 +567,8 @@ __poll_t tcp_poll(struct file *file, struct socket *sock, poll_table *wait) if (tcp_stream_is_readable(tp, target, sk)) mask |= EPOLLIN | EPOLLRDNORM; - if (!(sk->sk_shutdown & SEND_SHUTDOWN)) { - if (sk_stream_is_writeable(sk)) { + if (!(shutdown & SEND_SHUTDOWN)) { + if (__sk_stream_is_writeable(sk, 1)) { mask |= EPOLLOUT | EPOLLWRNORM; } else { /* send SIGIO later */ sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); @@ -578,7 +580,7 @@ __poll_t tcp_poll(struct file *file, struct socket *sock, poll_table *wait) * pairs with the input side. */ smp_mb__after_atomic(); - if (sk_stream_is_writeable(sk)) + if (__sk_stream_is_writeable(sk, 1)) mask |= EPOLLOUT | EPOLLWRNORM; } } else @@ -2351,14 +2353,13 @@ bool tcp_check_oom(struct sock *sk, int shift) return too_many_orphans || out_of_socket_memory; } -void tcp_close(struct sock *sk, long timeout) +void __tcp_close(struct sock *sk, long timeout) { struct sk_buff *skb; int data_was_unread = 0; int state; - lock_sock(sk); - sk->sk_shutdown = SHUTDOWN_MASK; + WRITE_ONCE(sk->sk_shutdown, SHUTDOWN_MASK); if (sk->sk_state == TCP_LISTEN) { tcp_set_state(sk, TCP_CLOSE); @@ -2521,6 +2522,12 @@ void tcp_close(struct sock *sk, long timeout) out: bh_unlock_sock(sk); local_bh_enable(); +} + +void tcp_close(struct sock *sk, long timeout) +{ + lock_sock(sk); + __tcp_close(sk, timeout); release_sock(sk); sock_put(sk); } @@ -2624,7 +2631,7 @@ int tcp_disconnect(struct sock *sk, int flags) if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) inet_reset_saddr(sk); - sk->sk_shutdown = 0; + WRITE_ONCE(sk->sk_shutdown, 0); sock_reset_flag(sk, SOCK_DONE); tp->srtt_us = 0; tp->mdev_us = jiffies_to_usecs(TCP_TIMEOUT_INIT); @@ -3902,7 +3909,7 @@ void tcp_done(struct sock *sk) if (req) reqsk_fastopen_remove(sk, req, false); - sk->sk_shutdown = SHUTDOWN_MASK; + WRITE_ONCE(sk->sk_shutdown, SHUTDOWN_MASK); if (!sock_flag(sk, SOCK_DEAD)) sk->sk_state_change(sk); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 982fe4641..61243531a 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4216,7 +4216,7 @@ void tcp_fin(struct sock *sk) inet_csk_schedule_ack(sk); - sk->sk_shutdown |= RCV_SHUTDOWN; + WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | RCV_SHUTDOWN); sock_set_flag(sk, SOCK_DONE); switch (sk->sk_state) { @@ -6354,7 +6354,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) break; tcp_set_state(sk, TCP_FIN_WAIT2); - sk->sk_shutdown |= SEND_SHUTDOWN; + WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | SEND_SHUTDOWN); sk_dst_confirm(sk); diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 4bec4c061..974e650e7 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -696,6 +696,22 @@ static int inet6_netconf_get_devconf(struct sk_buff *in_skb, return err; } +/* Combine dev_addr_genid and dev_base_seq to detect changes. + */ +static u32 inet6_base_seq(const struct net *net) +{ + u32 res = atomic_read(&net->ipv6.dev_addr_genid) + + net->dev_base_seq; + + /* Must not return 0 (see nl_dump_check_consistent()). + * Chose a value far away from 0. + */ + if (!res) + res = 0x80000000; + return res; +} + + static int inet6_netconf_dump_devconf(struct sk_buff *skb, struct netlink_callback *cb) { @@ -729,8 +745,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); - cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ - net->dev_base_seq; + cb->seq = inet6_base_seq(net); hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) goto cont; @@ -5232,7 +5247,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, } rcu_read_lock(); - cb->seq = atomic_read(&tgt_net->ipv6.dev_addr_genid) ^ tgt_net->dev_base_seq; + cb->seq = inet6_base_seq(tgt_net); for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &tgt_net->dev_index_head[h]; @@ -5365,9 +5380,10 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, } addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer); - if (!addr) - return -EINVAL; - + if (!addr) { + err = -EINVAL; + goto errout; + } ifm = nlmsg_data(nlh); if (ifm->ifa_index) dev = dev_get_by_index(tgt_net, ifm->ifa_index); diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index f5c448c27..7094f8691 100644 --- a/net/ipv6/seg6.c +++ b/net/ipv6/seg6.c @@ -441,22 +441,24 @@ int __init seg6_init(void) { int err = -ENOMEM; - err = genl_register_family(&seg6_genl_family); + err = register_pernet_subsys(&ip6_segments_ops); if (err) goto out; - err = register_pernet_subsys(&ip6_segments_ops); + err = genl_register_family(&seg6_genl_family); if (err) - goto out_unregister_genl; + goto out_unregister_pernet; #ifdef CONFIG_IPV6_SEG6_LWTUNNEL err = seg6_iptunnel_init(); if (err) - goto out_unregister_pernet; + goto out_unregister_genl; err = seg6_local_init(); - if (err) - goto out_unregister_pernet; + if (err) { + seg6_iptunnel_exit(); + goto out_unregister_genl; + } #endif #ifdef CONFIG_IPV6_SEG6_HMAC @@ -477,11 +479,11 @@ int __init seg6_init(void) #endif #endif #ifdef CONFIG_IPV6_SEG6_LWTUNNEL -out_unregister_pernet: - unregister_pernet_subsys(&ip6_segments_ops); -#endif out_unregister_genl: genl_unregister_family(&seg6_genl_family); +#endif +out_unregister_pernet: + unregister_pernet_subsys(&ip6_segments_ops); goto out; } diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c index f91542e2f..3a24614f3 100644 --- a/net/l2tp/l2tp_ip6.c +++ b/net/l2tp/l2tp_ip6.c @@ -644,7 +644,7 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) back_from_confirm: lock_sock(sk); - ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; + ulen = len + (skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0); err = ip6_append_data(sk, ip_generic_getfrag, msg, ulen, transhdrlen, &ipc6, &fl6, (struct rt6_info *)dst, diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 0f97c6fce..e330036e0 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -683,6 +683,8 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU) if (ieee80211_vif_is_mesh(&sdata->vif)) mesh_accept_plinks_update(sdata); + ieee80211_check_fast_xmit(sta); + return 0; out_remove: sta_info_hash_del(local, sta); diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 8bd01dfa7..5fd9a6f75 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -2919,7 +2919,7 @@ void ieee80211_check_fast_xmit(struct sta_info *sta) sdata->vif.type == NL80211_IFTYPE_STATION) goto out; - if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED)) + if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded) goto out; if (test_sta_flag(sta, WLAN_STA_PS_STA) || diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index e7545bcca..6b2a215b2 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -299,7 +299,7 @@ sctp_new(struct nf_conn *ct, const struct sk_buff *skb, pr_debug("Setting vtag %x for secondary conntrack\n", sh->vtag); ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL] = sh->vtag; - } else { + } else if (sch->type == SCTP_CID_SHUTDOWN_ACK) { /* If it is a shutdown ack OOTB packet, we expect a return shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */ pr_debug("Setting vtag %x for new conn OOTB\n", diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 38337e72c..b3a4fc784 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -951,6 +951,7 @@ static int nf_tables_updtable(struct nft_ctx *ctx) return 0; err_register_hooks: + ctx->table->flags |= NFT_TABLE_F_DORMANT; nft_trans_destroy(trans); return ret; } diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 2372f0bbb..fdce5012a 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -336,10 +336,20 @@ static int nft_target_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && + ctx->family != NFPROTO_INET && ctx->family != NFPROTO_BRIDGE && ctx->family != NFPROTO_ARP) return -EOPNOTSUPP; + ret = nft_chain_validate_hooks(ctx->chain, + (1 << NF_INET_PRE_ROUTING) | + (1 << NF_INET_LOCAL_IN) | + (1 << NF_INET_FORWARD) | + (1 << NF_INET_LOCAL_OUT) | + (1 << NF_INET_POST_ROUTING)); + if (ret) + return ret; + if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -584,10 +594,20 @@ static int nft_match_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && + ctx->family != NFPROTO_INET && ctx->family != NFPROTO_BRIDGE && ctx->family != NFPROTO_ARP) return -EOPNOTSUPP; + ret = nft_chain_validate_hooks(ctx->chain, + (1 << NF_INET_PRE_ROUTING) | + (1 << NF_INET_LOCAL_IN) | + (1 << NF_INET_FORWARD) | + (1 << NF_INET_LOCAL_OUT) | + (1 << NF_INET_POST_ROUTING)); + if (ret) + return ret; + if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index bd9b3cd25..3808b12da 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -156,7 +156,7 @@ static inline u32 netlink_group_mask(u32 group) static struct sk_buff *netlink_to_full_skb(const struct sk_buff *skb, gfp_t gfp_mask) { - unsigned int len = skb_end_offset(skb); + unsigned int len = skb->len; struct sk_buff *new; new = alloc_skb(len, gfp_mask); diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 600a84a5c..53277e0f9 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1850,7 +1850,7 @@ static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev, */ spkt->spkt_family = dev->type; - strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device)); + strscpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device)); spkt->spkt_protocol = skb->protocol; /* @@ -3223,7 +3223,7 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sock *sk = sock->sk; - char name[sizeof(uaddr->sa_data) + 1]; + char name[sizeof(uaddr->sa_data_min) + 1]; /* * Check legality @@ -3234,8 +3234,8 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, /* uaddr->sa_data comes from the userspace, it's not guaranteed to be * zero-terminated. */ - memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data)); - name[sizeof(uaddr->sa_data)] = 0; + memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data_min)); + name[sizeof(uaddr->sa_data_min)] = 0; return packet_do_bind(sk, name, 0, 0); } @@ -3507,11 +3507,11 @@ static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, return -EOPNOTSUPP; uaddr->sa_family = AF_PACKET; - memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data)); + memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data_min)); rcu_read_lock(); dev = dev_get_by_index_rcu(sock_net(sk), READ_ONCE(pkt_sk(sk)->ifindex)); if (dev) - strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data)); + strscpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data_min)); rcu_read_unlock(); return sizeof(*uaddr); diff --git a/net/sched/Kconfig b/net/sched/Kconfig index 46f2847a0..49521aa33 100644 --- a/net/sched/Kconfig +++ b/net/sched/Kconfig @@ -45,23 +45,6 @@ if NET_SCHED comment "Queueing/Scheduling" -config NET_SCH_CBQ - tristate "Class Based Queueing (CBQ)" - ---help--- - Say Y here if you want to use the Class-Based Queueing (CBQ) packet - scheduling algorithm. This algorithm classifies the waiting packets - into a tree-like hierarchy of classes; the leaves of this tree are - in turn scheduled by separate algorithms. - - See the top of for more details. - - CBQ is a commonly used scheduler, so if you're unsure, you should - say Y here. Then say Y to all the queueing algorithms below that you - want to use as leaf disciplines. - - To compile this code as a module, choose M here: the - module will be called sch_cbq. - config NET_SCH_HTB tristate "Hierarchical Token Bucket (HTB)" ---help--- @@ -85,20 +68,6 @@ config NET_SCH_HFSC To compile this code as a module, choose M here: the module will be called sch_hfsc. -config NET_SCH_ATM - tristate "ATM Virtual Circuits (ATM)" - depends on ATM - ---help--- - Say Y here if you want to use the ATM pseudo-scheduler. This - provides a framework for invoking classifiers, which in turn - select classes of this queuing discipline. Each class maps - the flow(s) it is handling to a given virtual circuit. - - See the top of for more details. - - To compile this code as a module, choose M here: the - module will be called sch_atm. - config NET_SCH_PRIO tristate "Multi Band Priority Queueing (PRIO)" ---help--- @@ -217,17 +186,6 @@ config NET_SCH_GRED To compile this code as a module, choose M here: the module will be called sch_gred. -config NET_SCH_DSMARK - tristate "Differentiated Services marker (DSMARK)" - ---help--- - Say Y if you want to schedule packets according to the - Differentiated Services architecture proposed in RFC 2475. - Technical information on this method, with pointers to associated - RFCs, is available at . - - To compile this code as a module, choose M here: the - module will be called sch_dsmark. - config NET_SCH_NETEM tristate "Network emulator (NETEM)" ---help--- diff --git a/net/sched/Makefile b/net/sched/Makefile index fb2b90648..e5ea44ec1 100644 --- a/net/sched/Makefile +++ b/net/sched/Makefile @@ -31,20 +31,17 @@ obj-$(CONFIG_NET_IFE_SKBTCINDEX) += act_meta_skbtcindex.o obj-$(CONFIG_NET_ACT_TUNNEL_KEY)+= act_tunnel_key.o obj-$(CONFIG_NET_ACT_CT) += act_ct.o obj-$(CONFIG_NET_SCH_FIFO) += sch_fifo.o -obj-$(CONFIG_NET_SCH_CBQ) += sch_cbq.o obj-$(CONFIG_NET_SCH_HTB) += sch_htb.o obj-$(CONFIG_NET_SCH_HFSC) += sch_hfsc.o obj-$(CONFIG_NET_SCH_RED) += sch_red.o obj-$(CONFIG_NET_SCH_GRED) += sch_gred.o obj-$(CONFIG_NET_SCH_INGRESS) += sch_ingress.o -obj-$(CONFIG_NET_SCH_DSMARK) += sch_dsmark.o obj-$(CONFIG_NET_SCH_SFB) += sch_sfb.o obj-$(CONFIG_NET_SCH_SFQ) += sch_sfq.o obj-$(CONFIG_NET_SCH_TBF) += sch_tbf.o obj-$(CONFIG_NET_SCH_TEQL) += sch_teql.o obj-$(CONFIG_NET_SCH_PRIO) += sch_prio.o obj-$(CONFIG_NET_SCH_MULTIQ) += sch_multiq.o -obj-$(CONFIG_NET_SCH_ATM) += sch_atm.o obj-$(CONFIG_NET_SCH_NETEM) += sch_netem.o obj-$(CONFIG_NET_SCH_DRR) += sch_drr.o obj-$(CONFIG_NET_SCH_PLUG) += sch_plug.o diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c index 34dd0434d..f4f9b8cdb 100644 --- a/net/sched/sch_atm.c +++ b/net/sched/sch_atm.c @@ -396,13 +396,10 @@ static int atm_tc_enqueue(struct sk_buff *skb, struct Qdisc *sch, result = tcf_classify(skb, fl, &res, true); if (result < 0) continue; - if (result == TC_ACT_SHOT) - goto done; - flow = (struct atm_flow_data *)res.class; if (!flow) flow = lookup_flow(sch, res.classid); - goto drop; + goto done; } } flow = NULL; @@ -556,16 +553,16 @@ static int atm_tc_init(struct Qdisc *sch, struct nlattr *opt, if (!p->link.q) p->link.q = &noop_qdisc; pr_debug("atm_tc_init: link (%p) qdisc %p\n", &p->link, p->link.q); - p->link.vcc = NULL; - p->link.sock = NULL; - p->link.common.classid = sch->handle; - p->link.ref = 1; err = tcf_block_get(&p->link.block, &p->link.filter_list, sch, extack); if (err) return err; + p->link.vcc = NULL; + p->link.sock = NULL; + p->link.common.classid = sch->handle; + p->link.ref = 1; tasklet_init(&p->task, sch_atm_dequeue, (unsigned long)sch); return 0; } diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c index e6b84de41..39b427dc7 100644 --- a/net/sched/sch_cbq.c +++ b/net/sched/sch_cbq.c @@ -231,8 +231,6 @@ cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr) result = tcf_classify(skb, fl, &res, true); if (!fl || result < 0) goto fallback; - if (result == TC_ACT_SHOT) - return NULL; cl = (void *)res.class; if (!cl) { @@ -253,7 +251,8 @@ cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr) case TC_ACT_TRAP: *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN; /* fall through */ - fallthrough; + case TC_ACT_SHOT: + return NULL; case TC_ACT_RECLASSIFY: return cbq_reclassify(skb, cl); } @@ -361,7 +360,7 @@ cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch, struct sk_buff **to_free) { struct cbq_sched_data *q = qdisc_priv(sch); - int ret; + int uninitialized_var(ret); struct cbq_class *cl = cbq_classify(skb, sch, &ret); #ifdef CONFIG_NET_CLS_ACT @@ -1615,7 +1614,7 @@ cbq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **t err = tcf_block_get(&cl->block, &cl->filter_list, sch, extack); if (err) { kfree(cl); - goto failure; + return err; } if (tca[TCA_RATE]) { diff --git a/net/sched/sch_dsmark.c b/net/sched/sch_dsmark.c index 76ed1a05d..05605b30b 100644 --- a/net/sched/sch_dsmark.c +++ b/net/sched/sch_dsmark.c @@ -210,7 +210,7 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch, if (p->set_tc_index) { int wlen = skb_network_offset(skb); - switch (skb_protocol(skb, true)) { + switch (tc_skb_protocol(skb)) { case htons(ETH_P_IP): wlen += sizeof(struct iphdr); if (!pskb_may_pull(skb, wlen) || @@ -303,7 +303,7 @@ static struct sk_buff *dsmark_dequeue(struct Qdisc *sch) index = skb->tc_index & (p->indices - 1); pr_debug("index %d->%d\n", skb->tc_index, index); - switch (skb_protocol(skb, true)) { + switch (tc_skb_protocol(skb)) { case htons(ETH_P_IP): ipv4_change_dsfield(ip_hdr(skb), p->mv[index].mask, p->mv[index].value); @@ -320,7 +320,7 @@ static struct sk_buff *dsmark_dequeue(struct Qdisc *sch) */ if (p->mv[index].mask != 0xff || p->mv[index].value) pr_warn("%s: unsupported protocol %d\n", - __func__, ntohs(skb_protocol(skb, true))); + __func__, ntohs(tc_skb_protocol(skb))); break; } @@ -406,8 +406,7 @@ static void dsmark_reset(struct Qdisc *sch) struct dsmark_qdisc_data *p = qdisc_priv(sch); pr_debug("%s(sch %p,[qdisc %p])\n", __func__, sch, p); - if (p->q) - qdisc_reset(p->q); + qdisc_reset(p->q); sch->qstats.backlog = 0; sch->q.qlen = 0; } diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 38592d087..910da98d6 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1748,6 +1748,7 @@ int tls_sw_recvmsg(struct sock *sk, struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); struct tls_prot_info *prot = &tls_ctx->prot_info; struct sk_psock *psock; + int num_async, pending; unsigned char control = 0; ssize_t decrypted = 0; struct strp_msg *rxm; @@ -1760,8 +1761,6 @@ int tls_sw_recvmsg(struct sock *sk, bool is_kvec = iov_iter_is_kvec(&msg->msg_iter); bool is_peek = flags & MSG_PEEK; bool bpf_strp_enabled; - int num_async = 0; - int pending; flags |= nonblock; @@ -1778,17 +1777,18 @@ int tls_sw_recvmsg(struct sock *sk, if (err < 0) { tls_err_abort(sk, err); goto end; - } else { - copied = err; } - if (len <= copied) - goto recv_end; + copied = err; + if (len <= copied || (copied && control != TLS_RECORD_TYPE_DATA)) + goto end; target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); len = len - copied; timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); + decrypted = 0; + num_async = 0; while (len && (decrypted + copied < target || ctx->recv_pkt)) { bool retain_skb = false; bool zc = false; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 0926a30bc..c698fc458 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3350,6 +3350,7 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback * if_idx++; } + if_start = 0; wp_idx++; } out: @@ -3526,6 +3527,8 @@ static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) if (ntype != NL80211_IFTYPE_MESH_POINT) return -EINVAL; + if (otype != NL80211_IFTYPE_MESH_POINT) + return -EINVAL; if (netif_running(dev)) return -EBUSY; diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py index 894cc58c1..030a843a4 100755 --- a/scripts/bpf_helpers_doc.py +++ b/scripts/bpf_helpers_doc.py @@ -286,7 +286,7 @@ def print_footer(self): instructions to the kernel when the programs are loaded. The format for that string is identical to the one in use for kernel modules (Dual licenses, such as "Dual BSD/GPL", may be used). Some helper functions are only accessible to -programs that are compatible with the GNU Privacy License (GPL). +programs that are compatible with the GNU General Public License (GNU GPL). In order to use such helpers, the eBPF program must be loaded with the correct license string passed (via **attr**) to the **bpf**\ () system call, and this @@ -391,6 +391,154 @@ def print_one(self, helper): print('') +class PrinterHelpers(Printer): + """ + A printer for dumping collected information about helpers as C header to + be included from BPF program. + @helpers: array of Helper objects to print to standard output + """ + + type_fwds = [ + 'struct bpf_fib_lookup', + 'struct bpf_perf_event_data', + 'struct bpf_perf_event_value', + 'struct bpf_sock', + 'struct bpf_sock_addr', + 'struct bpf_sock_ops', + 'struct bpf_sock_tuple', + 'struct bpf_spin_lock', + 'struct bpf_sysctl', + 'struct bpf_tcp_sock', + 'struct bpf_tunnel_key', + 'struct bpf_xfrm_state', + 'struct pt_regs', + 'struct sk_reuseport_md', + 'struct sockaddr', + 'struct tcphdr', + + 'struct __sk_buff', + 'struct sk_msg_md', + 'struct xdp_md', + ] + known_types = { + '...', + 'void', + 'const void', + 'char', + 'const char', + 'int', + 'long', + 'unsigned long', + + '__be16', + '__be32', + '__wsum', + + 'struct bpf_fib_lookup', + 'struct bpf_perf_event_data', + 'struct bpf_perf_event_value', + 'struct bpf_sock', + 'struct bpf_sock_addr', + 'struct bpf_sock_ops', + 'struct bpf_sock_tuple', + 'struct bpf_spin_lock', + 'struct bpf_sysctl', + 'struct bpf_tcp_sock', + 'struct bpf_tunnel_key', + 'struct bpf_xfrm_state', + 'struct pt_regs', + 'struct sk_reuseport_md', + 'struct sockaddr', + 'struct tcphdr', + } + mapped_types = { + 'u8': '__u8', + 'u16': '__u16', + 'u32': '__u32', + 'u64': '__u64', + 's8': '__s8', + 's16': '__s16', + 's32': '__s32', + 's64': '__s64', + 'size_t': 'unsigned long', + 'struct bpf_map': 'void', + 'struct sk_buff': 'struct __sk_buff', + 'const struct sk_buff': 'const struct __sk_buff', + 'struct sk_msg_buff': 'struct sk_msg_md', + 'struct xdp_buff': 'struct xdp_md', + } + + def print_header(self): + header = '''\ +/* This is auto-generated file. See bpf_helpers_doc.py for details. */ + +/* Forward declarations of BPF structs */''' + + print(header) + for fwd in self.type_fwds: + print('%s;' % fwd) + print('') + + def print_footer(self): + footer = '' + print(footer) + + def map_type(self, t): + if t in self.known_types: + return t + if t in self.mapped_types: + return self.mapped_types[t] + print("") + print("Unrecognized type '%s', please add it to known types!" % t) + sys.exit(1) + + seen_helpers = set() + + def print_one(self, helper): + proto = helper.proto_break_down() + + if proto['name'] in self.seen_helpers: + return + self.seen_helpers.add(proto['name']) + + print('/*') + print(" * %s" % proto['name']) + print(" *") + if (helper.desc): + # Do not strip all newline characters: formatted code at the end of + # a section must be followed by a blank line. + for line in re.sub('\n$', '', helper.desc, count=1).split('\n'): + print(' *{}{}'.format(' \t' if line else '', line)) + + if (helper.ret): + print(' *') + print(' * Returns') + for line in helper.ret.rstrip().split('\n'): + print(' *{}{}'.format(' \t' if line else '', line)) + + print(' */') + print('static %s %s(*%s)(' % (self.map_type(proto['ret_type']), + proto['ret_star'], proto['name']), end='') + comma = '' + for i, a in enumerate(proto['args']): + t = a['type'] + n = a['name'] + if proto['name'] == 'bpf_get_socket_cookie' and i == 0: + t = 'void' + n = 'ctx' + one_arg = '{}{}'.format(comma, self.map_type(t)) + if n: + if a['star']: + one_arg += ' {}'.format(a['star']) + else: + one_arg += ' ' + one_arg += '{}'.format(n) + comma = ', ' + print(one_arg, end='') + + print(') = (void *) %d;' % len(self.seen_helpers)) + print('') + ############################################################################### # If script is launched from scripts/ from kernel tree and can access @@ -405,6 +553,8 @@ def print_one(self, helper): The RST-formatted output produced can be turned into a manual page with the rst2man utility. """) +argParser.add_argument('--header', action='store_true', + help='generate C header file') if (os.path.isfile(bpfh)): argParser.add_argument('--filename', help='path to include/uapi/linux/bpf.h', default=bpfh) @@ -417,5 +567,8 @@ def print_one(self, helper): headerParser.run() # Print formatted output to standard output. -printer = PrinterRST(headerParser.helpers) +if args.header: + printer = PrinterHelpers(headerParser.helpers) +else: + printer = PrinterRST(headerParser.helpers) printer.print_all() diff --git a/scripts/kernel-doc b/scripts/kernel-doc index 81dc91760..80fec0682 100755 --- a/scripts/kernel-doc +++ b/scripts/kernel-doc @@ -1085,7 +1085,8 @@ sub dump_struct($$) { $members =~ s/DECLARE_KFIFO\s*\(([^,)]+),\s*([^,)]+),\s*([^,)]+)\)/$2 \*$1/gos; # replace DECLARE_KFIFO_PTR $members =~ s/DECLARE_KFIFO_PTR\s*\(([^,)]+),\s*([^,)]+)\)/$2 \*$1/gos; - + # replace DECLARE_FLEX_ARRAY + $members =~ s/(?:__)?DECLARE_FLEX_ARRAY\s*\($args,\s*$args\)/$1 $2\[\]/gos; my $declaration = $members; # Split nested struct/union elements as newer ones diff --git a/sound/core/Makefile b/sound/core/Makefile index d123587c0..bc04acf4a 100644 --- a/sound/core/Makefile +++ b/sound/core/Makefile @@ -32,7 +32,6 @@ snd-pcm-dmaengine-objs := pcm_dmaengine.o snd-rawmidi-objs := rawmidi.o snd-timer-objs := timer.o snd-hrtimer-objs := hrtimer.o -snd-rtctimer-objs := rtctimer.o snd-hwdep-objs := hwdep.o snd-seq-device-objs := seq_device.o diff --git a/sound/soc/sunxi/sun4i-spdif.c b/sound/soc/sunxi/sun4i-spdif.c index cbe598b0f..680d64e0d 100644 --- a/sound/soc/sunxi/sun4i-spdif.c +++ b/sound/soc/sunxi/sun4i-spdif.c @@ -464,6 +464,11 @@ static const struct of_device_id sun4i_spdif_of_match[] = { .compatible = "allwinner,sun50i-h6-spdif", .data = &sun50i_h6_spdif_quirks, }, + { + .compatible = "allwinner,sun50i-h616-spdif", + /* Essentially the same as the H6, but without RX */ + .data = &sun50i_h6_spdif_quirks, + }, { /* sentinel */ } }; MODULE_DEVICE_TABLE(of, sun4i_spdif_of_match); diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index 43224c5ec..1bd285dc5 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -1091,6 +1091,19 @@ static void get_unpriv_disabled() static bool test_as_unpriv(struct bpf_test *test) { +#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS + /* Some architectures have strict alignment requirements. In + * that case, the BPF verifier detects if a program has + * unaligned accesses and rejects them. A user can pass + * BPF_F_ANY_ALIGNMENT to a program to override this + * check. That, however, will only work when a privileged user + * loads a program. An unprivileged user loading a program + * with this flag will be rejected prior entering the + * verifier. + */ + if (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS) + return false; +#endif return !test->prog_type || test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER || test->prog_type == BPF_PROG_TYPE_CGROUP_SKB; diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index 0533881bd..f4ce08c0d 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -459,6 +459,9 @@ static int its_sync_lpi_pending_table(struct kvm_vcpu *vcpu) } irq = vgic_get_irq(vcpu->kvm, NULL, intids[i]); + if (!irq) + continue; + raw_spin_lock_irqsave(&irq->irq_lock, flags); irq->pending_latch = pendmask & (1U << bit_nr); vgic_queue_irq_unlock(vcpu->kvm, irq, flags); @@ -1373,6 +1376,8 @@ static int vgic_its_cmd_handle_movall(struct kvm *kvm, struct vgic_its *its, for (i = 0; i < irq_count; i++) { irq = vgic_get_irq(kvm, NULL, intids[i]); + if (!irq) + continue; update_affinity(irq, vcpu2);